diff --git a/docs/configuring-playbook-cactus-comments.md b/docs/configuring-playbook-cactus-comments.md
index 1213aae63..744193aa4 100644
--- a/docs/configuring-playbook-cactus-comments.md
+++ b/docs/configuring-playbook-cactus-comments.md
@@ -19,8 +19,6 @@ Add the following block to your `vars.yaml` and make sure to exchange the tokens
 #################
 
 matrix_cactus_comments_enabled: true
-matrix_cactus_comments_hs_token: wXchqGY94uhlk4OQ2ObPf0jsOMsnqXE9xuS2szB5
-matrix_cactus_comments_as_token: cvv8Y6OhAJqDbd1KCpRhc4mecZE9xuS2skBopaU5
 
 # To allow guest comments without users needing to log in, you need to have guest registration enabled.
 # To do this you need to uncomment one of the following lines (depending if you are using synapse or dentrite as a homeserver)
diff --git a/group_vars/matrix_servers b/group_vars/matrix_servers
index 8959987e8..ff9afe3f9 100755
--- a/group_vars/matrix_servers
+++ b/group_vars/matrix_servers
@@ -1337,6 +1337,10 @@ matrix_backup_borg_systemd_required_services_list: |
 
 matrix_cactus_comments_enabled: false
 
+# Derive secret values from homeserver secret
+matrix_cactus_comments_as_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus-comments.as.token') | to_uuid }}"
+matrix_cactus_comments_hs_token: "{{ '%s' | format(matrix_homeserver_generic_secret_key) | password_hash('sha512', 'cactus-comments.hs.token') | to_uuid }}"
+
 matrix_cactus_comments_container_image_self_build: "{{ matrix_architecture not in ['amd64', 'arm32', 'arm64'] }}"
 
 # Normally, matrix-nginx-proxy is enabled and nginx can reach cactus-comments over the container network.