diff --git a/docker/scripts/export_builds.sh b/scripts/docker/export_builds.sh
similarity index 100%
rename from docker/scripts/export_builds.sh
rename to scripts/docker/export_builds.sh
diff --git a/docker/scripts/export_deps.sh b/scripts/docker/export_deps.sh
similarity index 100%
rename from docker/scripts/export_deps.sh
rename to scripts/docker/export_deps.sh
diff --git a/scripts/generate_secrets.sh b/scripts/generate_secrets.sh
new file mode 100755
index 0000000..2163386
--- /dev/null
+++ b/scripts/generate_secrets.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+
+# Path where secrets are stored
+SECRETS_PATH=.secrets
+
+# Generated secrets
+SECRETS=(
+	app_key
+	mongo_root_password
+)
+
+# API key secrets
+API_KEYS=(
+	tmdb_key
+	plex_token
+	tvdb_key
+	tvdb_pin
+	vpn_auth
+)
+
+# Store new API keys if available
+NEW_API_KEYS=()
+
+# Indicate if existing secrets should be regenerated
+OVERWRITE=0
+
+# Generate secrets and files -----------------------------------------------------------------------
+
+# Create secrets folder
+if [ -d $SECRETS_PATH ]; then
+	read -p "Regenerate existing secrets (Y|n)? " -n 1 -r
+	echo
+	if [[ $REPLY =~ ^[Yy]$ ]]; then
+		OVERWRITE=1
+	fi
+else
+	mkdir -p $SECRETS_PATH
+fi
+
+# Generate random secrets
+for key in ${SECRETS[@]}; do
+	if [ $OVERWRITE -eq 1 ] || [ ! -f "$SECRETS_PATH/$key" ] || [[ -z $(grep '[^[:space:]]' "$SECRETS_PATH/$key") ]]; then
+		openssl rand -base64 20 > "$SECRETS_PATH/$key"
+	fi
+done
+
+# Create API key files if they don't ekist
+for key in ${API_KEYS[@]}; do
+	if [ ! -f "$SECRETS_PATH/$key" ] || [[ -z $(grep '[^[:space:]]' "$SECRETS_PATH/$key") ]]; then
+		touch "$SECRETS_PATH/$key"
+		NEW_API_KEYS+=($key)
+	fi
+done
+
+# --------------------------------------------------------------------------------------------------
+
+# Display newly-added/empty API key files
+if [ ${#NEW_API_KEYS[*]} -gt 0 ]; then
+	echo "New API keys available:"
+	for key in ${NEW_API_KEYS[@]}; do
+		echo "  $SECRETS_PATH/$key"
+	done
+fi
+
+echo "Done."