diff --git a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py
index 5c37a80de3c..1bd3acbf06b 100644
--- a/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py
+++ b/python/ql/src/experimental/Security/CWE-287-ConstantSecretKey/examples/config3.py
@@ -1,7 +1,12 @@
 """Flask App configuration."""
+import os
 
 # General Config
 FLASK_DEBUG = True
-SECRET_KEY = "CHANGEME5"
-if SECRET_KEY == "CHANGEME5":
+# if we are loading SECRET_KEY from config files then
+# it is good to check default value always, maybe
+# the user responsible for setup the application make a mistake
+# and has not changed the default SECRET_KEY value
+SECRET_KEY = os.getenv('envKey') # A_CONSTANT_SECRET
+if SECRET_KEY == "A_CONSTANT_SECRET":
     raise "not possible"
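Review bot: The new `SECRET_KEY = os.getenv('envKey')` silently yields `None` when the variable is unset, and the added guard only rejects the literal placeholder, so a misconfigured deployment still starts with no real key; the check should also cover the missing case, e.g. `if not SECRET_KEY or SECRET_KEY == "A_CONSTANT_SECRET":`. The new comment block also says the key is loaded "from config files", which no longer matches the code reading an environment variable; rewording it to "from the environment" would avoid misleading the reader. The unchanged `raise "not possible"` on the context line is a `TypeError` in Python 3 rather than a meaningful error, so if this example is meant to run, `raise RuntimeError("SECRET_KEY is unset or still the default")` would be the idiomatic form — though since this is a query example file, the minimal shape may be intentional.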