diff --git a/config/gitlab.yml.example b/config/gitlab.yml.example
index 06c9f734c2a..c2eaf263937 100644
--- a/config/gitlab.yml.example
+++ b/config/gitlab.yml.example
@@ -505,6 +505,11 @@ production: &base
     # If you use non-standard ssh port you need to specify it
     # ssh_port: 22
 
+  workhorse:
+    # File that contains the secret key for verifying access for gitlab-workhorse.
+    # Default is '.gitlab_workhorse_secret' relative to Rails.root (i.e. root of the GitLab app).
+    # secret_file: /home/git/gitlab/.gitlab_workhorse_secret
+
   ## Git settings
   # CAUTION!
   # Use the default values unless you really know what you are doing
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 87bf48a3dcd..7a8f00f11b2 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -387,6 +387,12 @@ Settings.gitlab_shell['ssh_user']     ||= Settings.gitlab.user
 Settings.gitlab_shell['owner_group']  ||= Settings.gitlab.user
 Settings.gitlab_shell['ssh_path_prefix'] ||= Settings.__send__(:build_gitlab_shell_ssh_path_prefix)
 
+#
+# Workhorse
+#
+Settings['workhorse'] ||= Settingslogic.new({})
+Settings.workhorse['secret_file'] ||= Rails.root.join('.gitlab_workhorse_secret')
+
 #
 # Repositories
 #
diff --git a/lib/gitlab/workhorse.rb b/lib/gitlab/workhorse.rb
index e6e40f6945d..c551f939df1 100644
--- a/lib/gitlab/workhorse.rb
+++ b/lib/gitlab/workhorse.rb
@@ -168,7 +168,7 @@ module Gitlab
       end
 
       def secret_path
-        Rails.root.join('.gitlab_workhorse_secret')
+        Gitlab.config.workhorse.secret_file
       end
 
       def set_key_and_notify(key, value, expire: nil, overwrite: true)