diff --git a/roles/misp/tasks/config.yml b/roles/misp/tasks/config.yml
index bce8637d7e656ceea20a23985a710f0588f1354e..a23c5e899298c804fbf16f499069f7e212a063c9 100644
--- a/roles/misp/tasks/config.yml
+++ b/roles/misp/tasks/config.yml
@@ -33,6 +33,12 @@
    misp_api_key: "{{ get_output.stdout }}"
   when: '"initialised" in init_output.stdout'   
 
+- name: Store API key
+  copy:
+    content: "{{misp_api_key}}"
+    dest: "{{playbook_dir}}/secrets/tokens/misp"
+  delegate_to: 127.0.0.1
+
 - name: add users
   uri:
    url: "https://{{soctoolsproxy}}:6443/admin/users/add/1"
diff --git a/roles/nifi/templates/flow.xml.j2 b/roles/nifi/templates/flow.xml.j2
index 1a0096b513b7cc10f7f5202b50fd1eb41ae6dd3a..01b923157f1f70b8146eba008a44bf33d5004691 100644
--- a/roles/nifi/templates/flow.xml.j2
+++ b/roles/nifi/templates/flow.xml.j2
@@ -12909,7 +12909,7 @@
         <name>Timestamp Format</name>
       </property>
     </controllerService>
-    <variable name="misp_token" value="{{ misp_token }}" />
+    <variable name="misp_token" value="{{lookup('file','{{playbook_dir}}/secrets/tokens/misp')}}" />
     <variable name="maxmind_key" value="{{ maxmind_key }}" />
     <variable name="misp_ip_first_interval" value="60d" />
     <variable name="elastic_username" value="{{ elastic_username }}" />
diff --git a/utils/flow2template.py b/utils/flow2template.py
index 4fafbdae8bc48b482588504bf3d509ccacc83a8a..b2018328c6ccf5d7c53bf75645c3f44122cc4ba2 100755
--- a/utils/flow2template.py
+++ b/utils/flow2template.py
@@ -13,7 +13,7 @@ et = xml.etree.ElementTree.parse(f)
 for v in et.findall(".//variable"):
     a=v.attrib
     if a['name']=="misp_token":
-        a['value']="{{ misp_token }}"
+        a['value']="{{lookup('file','{{playbook_dir}}/secrets/tokens/misp')}}"
     elif a['name']=="misp_url":
         a['value']="{{ misp_url }}"
     elif a['name']=="maxmind_key":