diff --git a/.gitignore b/.gitignore
index 200bf3d..9613088 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 *.swp
 .env
+.env.bak
diff --git a/README.md b/README.md
index 4b372ee..8a892c4 100644
--- a/README.md
+++ b/README.md
@@ -34,7 +34,7 @@ follow these steps:
 * `git clone https://github.com/jitsi/docker-jitsi-meet && cd docker-jitsi-meet`
 * Create a ``.env`` file by copying and adjusting ``env.example``
 * `cp env.example .env`
- * Set strong passwords in the security section options, they ccan be generated with `openssl rand -hex 16`
+ * Set strong passwords in the security section options: `./gen-passwords.sh`
 * Create required `CONFIG` directories
 * `mkdir -p ~/.jitsi-meet-cfg/{web/letsencrypt,transcripts,prosody,jicofo,jvb,jigasi,jibri}`
 * Run ``docker-compose up -d``.
@@ -58,7 +58,9 @@ or to use jigasi too: ``docker-compose -f docker-compose.yml -f jigasi.yml -f ji
 This setup used to have default passwords for intetrnal accounts used across components. In order to make the default setup secure by default these have been removed and the respective containers won't start without having a password set.
-Strong passwordds may be generated as follows: `openssl rand -hex 16`
+Strong passwordds may be generated as follows: `./gen-passwords.sh`
+This will modify your `.env` file (a backup is saved in `.env.backup`) andd set strong passwords for each of the
+require options. Passwords are generated using `openssl rand -hex 16` .
 DO NOT reuse any of the passwords.
diff --git a/env.example b/env.example
index f63278c..60bc28f 100644
--- a/env.example
+++ b/env.example
@@ -1,8 +1,8 @@
 # Security
 #
 # Set these to strong passwords to avoid intruders from impersonating a service account
-# Here is how to generate a good password: openssl rand -hex 16
 # The service(s) won't start unless these are specified
+# Running ./gen-passwords.sh will update .env with strong passwords
 # You may skip the Jigasi and Jibri passwords if you are not using those
 # DO NOT reuse passwords
 #
diff --git a/get-passwords.sh b/get-passwords.sh
new file mode 100755
index 0000000..4aae701
--- /dev/null
+++ b/get-passwords.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+function generatePassword() {
+ openssl rand -hex 16
+}
+
+JICOFO_COMPONENT_SECRET=`generatePassword`
+JICOFO_AUTH_PASSWORD=`generatePassword`
+JVB_AUTH_PASSWORD=`generatePassword`
+JIGASI_XMPP_PASSWORD=`generatePassword`
+JIBRI_RECORDER_PASSWORD=`generatePassword`
+JIBRI_XMPP_PASSWORD=`generatePassword`
+
+sed -i ".bak" \
+ -e "s#JICOFO_COMPONENT_SECRET=.*#JICOFO_COMPONENT_SECRET=${JICOFO_COMPONENT_SECRET}#g" \
+ -e "s#JICOFO_AUTH_PASSWORD=.*#JICOFO_AUTH_PASSWORD=${JICOFO_AUTH_PASSWORD}#g" \
+ -e "s#JVB_AUTH_PASSWORD=.*#JVB_AUTH_PASSWORD=${JVB_AUTH_PASSWORD}#g" \
+ -e "s#JIGASI_XMPP_PASSWORD=.*#JIGASI_XMPP_PASSWORD=${JIGASI_XMPP_PASSWORD}#g" \
+ -e "s#JIBRI_RECORDER_PASSWORD=.*#JIBRI_RECORDER_PASSWORD=${JIBRI_RECORDER_PASSWORD}#g" \
+ -e "s#JIBRI_XMPP_PASSWORD=.*#JIBRI_XMPP_PASSWORD=${JIBRI_XMPP_PASSWORD}#g" \
+ .env
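Review bot: The script is added as `get-passwords.sh`, but the README and `env.example` hunks in this commit tell users to run `./gen-passwords.sh`, so the documented command will not be found; the README also names the backup `.env.backup` where the `.bak` suffix here yields `.env.bak`. `sed -i ".bak"` is the BSD/macOS form: GNU sed takes the suffix attached, so on Linux it would treat `.bak` as an input file and edit `.env` in place with no backup, whereas `sed -i.bak \` is accepted by both. Nothing checks that `openssl` succeeded, so if it is missing or fails, every secret is rewritten to an empty string; adding `set -e` after the shebang makes the failed assignment abort before the `sed` runs. Since `.env` and `.env.bak` both hold service credentials, a closing `chmod 600 .env .env.bak` would be a reasonable addition.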