diff --git a/.env.production.sample b/.env.production.sample
index f6ed28fd3e45592212a9c935f9952fc29e7c3ffa..5cd3e196e283b798cacfa077bec385fce3f0ccd1 100644
--- a/.env.production.sample
+++ b/.env.production.sample
@@ -33,7 +33,6 @@ LOCAL_DOMAIN=example.com
 
 # Application secrets
 # Generate each with the `RAILS_ENV=production bundle exec rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
-PAPERCLIP_SECRET=
 SECRET_KEY_BASE=
 OTP_SECRET=
 
diff --git a/app/models/import.rb b/app/models/import.rb
index ba88435bfd0df57b58ab0e86314b834faabf071f..fdb4c6b80f6441816c316d58575cc535dfab06df 100644
--- a/app/models/import.rb
+++ b/app/models/import.rb
@@ -26,7 +26,7 @@ class Import < ApplicationRecord
 
   validates :type, presence: true
 
-  has_attached_file :data, url: '/system/:hash.:extension', hash_secret: ENV['PAPERCLIP_SECRET']
+  has_attached_file :data
   validates_attachment_content_type :data, content_type: FILE_TYPES
   validates_attachment_presence :data
 end
diff --git a/app/models/user.rb b/app/models/user.rb
index fcd574f8bda7c01e7eb4d6d293200ce8235f1660..b053292da56ecc47e87738b05eb4a0ca6e0f63bd 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -44,7 +44,7 @@ class User < ApplicationRecord
   ACTIVE_DURATION = 14.days
 
   devise :two_factor_authenticatable,
-         otp_secret_encryption_key: ENV['OTP_SECRET']
+         otp_secret_encryption_key: ENV.fetch('OTP_SECRET')
 
   devise :two_factor_backupable,
          otp_number_of_backup_codes: 10
diff --git a/lib/tasks/mastodon.rake b/lib/tasks/mastodon.rake
index d2e4f38a9a5759da70d74c762b7762586a62d666..bf4c53cb34229eb8228136c47582832f856c0abe 100644
--- a/lib/tasks/mastodon.rake
+++ b/lib/tasks/mastodon.rake
@@ -23,7 +23,7 @@ namespace :mastodon do
       prompt.say('Single user mode disables registrations and redirects the landing page to your public profile.')
       env['SINGLE_USER_MODE'] = prompt.yes?('Do you want to enable single user mode?', default: false)
 
-      %w(SECRET_KEY_BASE PAPERCLIP_SECRET OTP_SECRET).each do |key|
+      %w(SECRET_KEY_BASE OTP_SECRET).each do |key|
         env[key] = SecureRandom.hex(64)
       end