diff --git a/.gitignore b/.gitignore
index 0d7383c1..fb35ddba 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,4 @@ db/*
 .envrc
 static/dist/
 node_modules/
+keys/*.pem
diff --git a/Cargo.toml b/Cargo.toml
index 266ccc05..b8090179 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -34,3 +34,6 @@ thiserror = "1.0"
 validator = { version = "0.16", features = [ "derive" ] }
 jsonwebtoken = "9.1"
 openssl = "0.10"
+
+[build-dependencies]
+openssl = "0.10"
diff --git a/Rocket.toml b/Rocket.toml
index dbe65aba..1c66465f 100644
--- a/Rocket.toml
+++ b/Rocket.toml
@@ -17,7 +17,7 @@ maximum_pending_users = 25
 [debug]
 secret_key = "1vwCFFPSdQya895gNiO556SzmfShG6MokstgttLvwjw="
-ec_private_key = "keys/replace_me.pem"
+ec_private_key = "keys/jwt_key.pem"
 bcrypt_cost = 4
 seed_database = true
diff --git a/build.rs b/build.rs
new file mode 100644
index 00000000..2ab44fc3
--- /dev/null
+++ b/build.rs
@@ -0,0 +1,18 @@
+use std::fs::File;
+use std::io::Write;
+use std::path::Path;
+
+use openssl::ec::{EcGroup, EcKey};
+use openssl::nid::Nid;
+use openssl::pkey::PKey;
+
+fn main() {
+ let path = Path::new("keys/jwt_key.pem");
+ if !path.exists() {
+ let group = EcGroup::from_curve_name(Nid::SECP384R1).unwrap();
+ let pkey = PKey::from_ec_key(EcKey::generate(&group).unwrap()).unwrap();
+ let mut f = File::create(path).unwrap();
+ let pem = pkey.private_key_to_pem_pkcs8().unwrap();
+ f.write_all(&pem).unwrap();
+ }
+}
diff --git a/keys/.gitkeep b/keys/.gitkeep
new file mode 100644
index 00000000..e69de29b
diff --git a/keys/replace_me.pem b/keys/replace_me.pem
deleted file mode 100644
index 42382b14..00000000
--- a/keys/replace_me.pem
+++ /dev/null
@@ -1,6 +0,0 @@
------BEGIN PRIVATE KEY-----
-MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDDNQu50efpQZtGKN1tx
-j5h+/br9yPUFc5gcvGqQd9wXGa1t8bW/LxtZ/Ho/yPALTIihZANiAARUWV9grHuS
-RSVYlanDOaWyrIRbmwbWwJnL6InJoZwGNSEeTmK15H3QgeMA+KF3+yDkw2ECXEtS
-7gyURyrAzUOK59QACUMgRuRsP7vUGq5/nMJFSLsb+reiKAmB7G/fUxE=
------END PRIVATE KEY-----
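Review bot: The `[debug]` profile now points at `keys/jwt_key.pem`, but nothing in Rocket.toml says where that file comes from or that it is a throwaway development key. I would add a comment above the setting, e.g. `# generated by build.rs on first build; development only`. The key it replaces, `keys/replace_me.pem`, stays readable in the repository history after this commit, so any environment that was ever started with it should get a fresh key; whether other profiles outside this hunk still reference the old path is not visible here.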
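Review bot: `File::create(path)` in `main` writes the JWT signing key with the process's default permissions (umask-dependent, commonly group- and world-readable on Unix), and it runs before `private_key_to_pem_pkcs8()`, so a panic in serialization leaves an empty `keys/jwt_key.pem` that the `!path.exists()` guard then skips on every later build. Serialize the PEM first, then open the file with `create_new(true)` and, on Unix, mode `0o600`, as sketched below. The bare `unwrap()` calls would also read better as `expect(...)` naming the step that failed, since a missing `keys/` directory (present only through `.gitkeep`) currently surfaces as an unexplained panic.

```rust
    if !path.exists() {
        // … unchanged: group and pkey generation …
        let pem = pkey.private_key_to_pem_pkcs8().expect("serialize key as PKCS#8 PEM");
        let mut opts = std::fs::OpenOptions::new();
        // create_new: fail rather than overwrite a file that appeared after the exists() check
        opts.write(true).create_new(true);
        #[cfg(unix)]
        {
            use std::os::unix::fs::OpenOptionsExt;
            opts.mode(0o600); // owner read/write only
        }
        let mut f = opts.open(path).expect("create keys/jwt_key.pem");
        f.write_all(&pem).expect("write keys/jwt_key.pem");
    }
```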
diff --git a/tests/common/mod.rs b/tests/common/mod.rs
index a23af175..a8811803 100644
--- a/tests/common/mod.rs
+++ b/tests/common/mod.rs
@@ -44,7 +44,7 @@ pub fn config() -> Config {
 email_confirmation_token_seconds: 300,
 secure_token_length: 64,
 bcrypt_cost: BCRYPT_COST,
- ec_private_key: "keys/replace_me.pem".to_string(),
+ ec_private_key: "keys/jwt_key.pem".to_string(),
 base_url: "example.com".to_string(),
 mail_queue_size: 10,
 mail_queue_wait_seconds: 0,