diff --git a/abra b/abra
index 9e98ebf2..b9ef6bd9 100755
--- a/abra
+++ b/abra
@@ -344,8 +344,18 @@ get_servers() {
 }
 
 get_app_secrets() {
+  get_app_passwords
+  get_app_keys
+}
+
+get_app_passwords() {
   # FIXME 3wc: requires bash 4, use for loop instead
-  mapfile -t SECRETS < <(grep "PASSWORD.*VERSION" "$ENV_FILE" | cut -d' ' -f2)
+  mapfile -t PASSWORDS < <(grep "SECRET.*PASSWORD.*VERSION.*" "$ENV_FILE" | cut -d ' ' -f2-)
+}
+
+get_app_keys() {
+  # FIXME 3wc: requires bash 4, use for loop instead
+  mapfile -t KEYS < <(grep "SECRET.*KEY.*VERSION.*" "$ENV_FILE" | cut -d' ' -f2-)
 }
 
 load_instance() {
@@ -396,6 +406,25 @@ prompt_confirm() {
   esac
 }
 
+parse_secret() {
+  SECRET="$1"
+
+  if [[ "$SECRET" == *"length"* ]]; then
+    abra__length_="$(echo $SECRET | sed -e 's/.*[^0-9]\([0-9]\+\)[^0-9]*$/\1/')"
+  else
+    abra__length_=32
+  fi
+
+  abra__secret_="${SECRET%_VERSION=*}"  # strip _VERSION=v1
+  abra__secret_="${abra__secret_#SECRET_}"  # strip SECRET_
+  abra__secret_="${abra__secret_,,}"  # lowercase
+
+  abra__version_="$(echo $SECRET | sed -n 's/.*\(v[0-9]\).*/\1/p')"
+
+  echo "Generating $abra__secret_, version: $abra__version_, length: $abra__length_"
+  sub_app_secret_generate
+}
+
 #######################################
 # abra app ..
 #######################################
@@ -480,7 +509,8 @@ sub_app_new (){
   abra__domain_="$DOMAIN"
 
   get_app_secrets
-  if [ "${#SECRETS[@]}" -gt 0 ] && [ "$abra___auto" == "true" ]; then
+
+  if [ "${#PASSWORDS[@]}" -gt 0 ] || [ "${#KEYS[@]}" -gt 0 ] && [ "$abra___auto" == "true" ]; then
     sub_app_secret_auto
   fi
 
@@ -633,8 +663,13 @@ sub_app_secret_generate(){
 
   SECRET="$abra__secret_"
   VERSION="$abra__version_"
-  PWGEN=${abra__cmd_:-pwgen}
+  LENGTH="$abra__length_"
 
+  if [[ "$SECRET" == *"password"* ]]; then
+    PWGEN="${abra__cmd_:-pwqgen}"
+  else
+    PWGEN=${abra__cmd_:-pwgen -n "$LENGTH"}
+  fi
 
   if [ -z "$SECRET" ] || [ -z "$VERSION" ]; then
     error "Required arguments missing"
@@ -657,13 +692,12 @@ sub_app_secret_auto(){
 
   get_app_secrets
 
-  for SECRET in "${SECRETS[@]}"; do
-    abra__secret_="${SECRET%=*}"  # strip =v1
-    abra__secret_="${abra__secret_%_VERSION}"  # strip VERSION_
-    abra__secret_="${abra__secret_,,}"  # lowercase
-    abra__version_="${SECRET#*=}"
-    echo "Generating $abra__secret_"
-    sub_app_secret_generate
+  for PASSWORD in "${PASSWORDS[@]}"; do
+    parse_secret "$PASSWORD"
+  done
+
+  for KEY in "${KEYS[@]}"; do
+    parse_secret "$KEY"
   done
 }