diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py
index 1bd3acbf06b..02a19dde3e9 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py
@@ -7,6 +7,6 @@ FLASK_DEBUG = True
 # it is good to check default value always, maybe
 # the user responsible for setup the application make a mistake
 # and has not changed the default SECRET_KEY value
-SECRET_KEY = os.getenv('envKey') # A_CONSTANT_SECRET
+SECRET_KEY = os.getenv('envKey', "A_CONSTANT_SECRET") # A_CONSTANT_SECRET
 if SECRET_KEY == "A_CONSTANT_SECRET":
 raise "not possible"
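Review bot: The guard's `raise "not possible"` raises a str, which Python 3 rejects with a TypeError ("exceptions must derive from BaseException"). Startup still aborts, but the operator sees a confusing error instead of the reason, so I would write `raise RuntimeError("SECRET_KEY is unset or still the default value")`. With the new fallback in `os.getenv('envKey', "A_CONSTANT_SECRET")`, the guard only holds while the two literals stay identical. If one is edited and the other is not, the known constant silently becomes the live signing key, so binding it to a single name (e.g. `_DEFAULT_SECRET = "A_CONSTANT_SECRET"`) and using that in both places would remove the risk. The trailing `# A_CONSTANT_SECRET` comment now only repeats the argument and could instead say that the fallback is a sentinel that must never be used as a key.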