diff --git a/mplexer/cmd/mgmt/mgmt.go b/mplexer/cmd/mgmt/mgmt.go
index 425bd13..4eda919 100644
--- a/mplexer/cmd/mgmt/mgmt.go
+++ b/mplexer/cmd/mgmt/mgmt.go
@@ -83,6 +83,7 @@ func main() {
 log.Fatal("connection error", err)
 return
 }
+ _ = store.SetMaster(*secret)
 defer store.Close()
 bind := *addr + ":" + *port
diff --git a/mplexer/mgmt/authstore/authstore.go b/mplexer/mgmt/authstore/authstore.go
index 97e7531..8206eeb 100644
--- a/mplexer/mgmt/authstore/authstore.go
+++ b/mplexer/mgmt/authstore/authstore.go
@@ -18,6 +18,7 @@ type Authorization struct {
 }
 type Store interface {
+ SetMaster(secret string) error
 Add(auth *Authorization) error
 Set(auth *Authorization) error
 Get(id string) (*Authorization, error)
diff --git a/mplexer/mgmt/authstore/postgresql.go b/mplexer/mgmt/authstore/postgresql.go
index 24b6da4..a9b39ae 100644
--- a/mplexer/mgmt/authstore/postgresql.go
+++ b/mplexer/mgmt/authstore/postgresql.go
@@ -2,7 +2,9 @@ package authstore
 import (
 "context"
+ "crypto/sha256"
 "database/sql"
+ "encoding/base64"
 "fmt"
 "io/ioutil"
 "time"
@@ -41,6 +43,33 @@ type PGStore struct {
 dbx *sqlx.DB
 }
+func (s *PGStore) SetMaster(secret string) error {
+ ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
+ defer done()
+
+ pubBytes := sha256.Sum256([]byte(secret))
+ pub := base64.RawURLEncoding.EncodeToString(pubBytes[:])
+ pub = pub[:24]
+ auth := &Authorization{
+ Slug: "*",
+ SharedKey: secret,
+ MachinePPID: secret,
+ PublicKey: pub,
+ }
+ err := s.Add(auth)
+
+ query := `
+ UPDATE authorizations SET
+ machine_ppid=$1,
+ shared_key=$1,
+ public_key=$2,
+ deleted_at='1970-01-01 00:00:00'
+ WHERE slug = '*'
+ `
+ _, err = s.dbx.ExecContext(ctx, query, auth.MachinePPID, auth.PublicKey)
+ return err
+}
+
 func (s *PGStore) Add(auth *Authorization) error {
 ctx, done := context.WithDeadline(context.Background(), time.Now().Add(5*time.Second))
 defer done()
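Review bot: The result of `store.SetMaster(*secret)` in main is discarded with `_ =`, so a failure to install the master authorization is neither logged nor fatal, and the service would keep running with whatever wildcard credential was stored before. I would stop startup instead: `if err := store.SetMaster(*secret); err != nil { log.Fatal("set master: ", err) }`. main's body starts and ends outside the hunk, so whether `*secret` is checked for being non-empty before this call is not visible here; if it is not, that check belongs next to this line.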
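Review bot: `SetMaster` is added to the `Store` interface in authstore.go without a doc comment, although it is the method that decides which secret the wildcard authorization carries. I would put `// SetMaster creates or overwrites the "*" authorization so that secret is its shared key and machine PPID.` above it, which is what the PGStore implementation in this commit does. The interface body continues outside the hunk, and any other Store implementation not shown in this diff will need the method too.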
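Review bot: In PGStore.SetMaster the error from `s.Add(auth)` is overwritten by the next assignment and the UPDATE's affected-row count is never read, so the function can return nil when no `*` row holds the new secret (for example when Add failed for a reason other than the row already existing). Nothing rejects an empty `secret` either, which would store a wildcard authorization whose shared key is the empty string. The fence below keeps the add-then-update flow but checks the row count and refuses an empty secret. Separately, `public_key` is an unsalted, truncated SHA-256 of the secret, so if that column is exposed anywhere it lets a low-entropy secret be guessed offline; a comment stating that the secret must be high-entropy, or a keyed derivation, would cover that. The `deleted_at='1970-01-01 00:00:00'` sentinel also deserves a one-line comment saying it presumably marks the row as not deleted.

```go
func (s *PGStore) SetMaster(secret string) error {
	if secret == "" {
		return fmt.Errorf("set master: empty secret")
	}
	// … unchanged: context setup, public key derivation, auth literal …

	// Add presumably fails when the "*" row already exists; the UPDATE
	// below is what has to succeed, so its row count is checked.
	addErr := s.Add(auth)

	// … unchanged: query text …
	res, err := s.dbx.ExecContext(ctx, query, auth.MachinePPID, auth.PublicKey)
	if err != nil {
		return fmt.Errorf("set master: %w", err)
	}
	n, err := res.RowsAffected()
	if err != nil {
		return fmt.Errorf("set master: %w", err)
	}
	if n == 0 {
		return fmt.Errorf("set master: no wildcard row updated (add: %v)", addErr)
	}
	return nil
}
```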