diff --git a/image_bucket_upload.php b/image_bucket_upload.php
index e92967d..2dac72b 100644
--- a/image_bucket_upload.php
+++ b/image_bucket_upload.php
@@ -1,112 +1,128 @@
 <?php
 /**
  *  ocs-webserver
  *
  *  Copyright 2016 by pling GmbH.
  *
  *    This file is part of ocs-webserver.
  *
  *    This program is free software: you can redistribute it and/or modify
  *    it under the terms of the GNU Affero General Public License as
  *    published by the Free Software Foundation, either version 3 of the
  *    License, or (at your option) any later version.
  *
  *    This program is distributed in the hope that it will be useful,
  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
  *    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *    GNU Affero General Public License for more details.
  *
  *    You should have received a copy of the GNU Affero General Public License
  *    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  **/
 
 // Define path to application directory
 defined('APPLICATION_PATH')
 || define('APPLICATION_PATH', realpath(dirname(__FILE__)));
 
-
 // Define application environment
 defined('APPLICATION_ENV')
 || define('APPLICATION_ENV', (getenv('APPLICATION_ENV') ? getenv('APPLICATION_ENV') : 'production'));
 
 defined('IMAGES_UPLOAD_PATH')
 || define('IMAGES_UPLOAD_PATH', APPLICATION_PATH . '/img/');
 
 
+if (file_exists('config.php')) {
+    require_once('config.php');
+}
+
+if(!isset($config['privateKey'])) {
+    die('OSC CDN has not been configured. Visit setup.php for instructions.');
+}
+
+
 // Ensure library/ is on include_path
 set_include_path(implode("/", array(
     APPLICATION_PATH . '/../library',
     get_include_path(),
 )));
 
 $_mime_type = array(
     'image/jpeg' => '.jpg',
     'image/jpg' => '.jpg',
     'image/png' => '.png',
     'image/gif' => '.gif',
     'application/x-empty' => '.png'
 );
 
 
 require_once 'Zend/Loader/Autoloader.php';
 
 $loader = Zend_Loader_Autoloader::getInstance();
 $loader->setFallbackAutoloader(true);
 
 $log = new Zend_Log();
 $writer = new Zend_Log_Writer_Stream(APPLICATION_PATH .'/data/logs/msg_' . date("Y-m-d") . '.log');
 $log->addWriter($writer);
 
 $log->debug('_POST: ' . print_r($_POST, true));
 $log->debug('_FILES: ' . print_r($_FILES, true));
 
+
+if ($_POST['privateKey'] != $config['privateKey']) {
+    $log->debug('Failed private key check');
+    sleep(3);
+    header("HTTP/1.1 401 Unauthorized");
+    die('Unauthorized Request');
+}
+
 $upload = new Zend_File_Transfer_Adapter_Http();
 $upload->addValidator('Count', false, 1)
     ->addValidator('IsImage', false)
     ->addValidator('Size', false, 5097152)
     ->addValidator('FilesSize', false, 5097152);
 
 //$upload->addValidator('ImageSize', false,
 //    array(
 //        'minwidth' => 50,
 //        'maxwidth' => 2000,
 //        'minheight' => 50,
 //        'maxheight' => 2000
 //    )
 //);
 
 if (false === $upload->isValid()){
     $log->err('isValid errors: ' . print_r($upload->getErrors(), true));
     $log->info('isValid messages: ' . print_r($upload->getMessages(), true));
 
     header("HTTP/1.0 500 Server Error");
     print implode("\n<br>", $upload->getMessages());
     exit(0);
 }
 
 //create buckets
 $fileHash = $upload->getHash('sha1');
 $destBucketPath = substr_replace($fileHash, '/', 1, 0);
 $destBucketPath = substr_replace($destBucketPath, '/', 3, 0);
 $destBucketPath = substr_replace($destBucketPath, '/', 5, 0);
 $destBucketPath = substr_replace($destBucketPath, '/', 7, 0);
 $destPath = IMAGES_UPLOAD_PATH . $destBucketPath . $_mime_type[$upload->getMimeType()];
 
 $dir = dirname($destPath);
 if (!file_exists($destPath) and !is_dir($dir)) {
     mkdir($dir, 0777, true);
 }
 
 $upload->addFilter('Rename', array('target' => $destPath, 'overwrite' => true));
 
 if (false === $upload->receive()) {
     $log->err('receive errors: ' . print_r($upload->getErrors(), true));
     $log->info('receive messages: ' . print_r($upload->getMessages(), true));
 
     header("HTTP/1.0 500 Server Error");
     print implode("\n<br>", $upload->getMessages());
     exit(0);
 }
 
 header("HTTP/1.0 200 OK");
 print $destBucketPath . $_mime_type[$upload->getMimeType()];
diff --git a/setup.php b/setup.php
new file mode 100644
index 0000000..29d6149
--- /dev/null
+++ b/setup.php
@@ -0,0 +1,52 @@
+<html>
+<head>
+<title>OSC CDN Setup</title>
+</head>
+<body>
+
+<?php
+
+	if (file_exists('config.php')) {
+		require_once('config.php');
+	}
+	
+	if(!isset($config['privateKey'])) :
+		$configKey = md5(rand()).md5(rand());
+
+?>
+	<h1>Private Key</h1>
+	
+	<b>config.php does not exist, or does not define a private key</b><br/>
+	
+	Copy and paste the below text into a config.php file. Once you have created
+	the config file, you will also need to copy and paste the private key into
+	your OSC Webserver configuration file.<br /><br />
+	
+	<textarea style="width: 100%; height: 200px;">
+&lt;?php
+
+	if (!defined('APPLICATION_PATH'))
+		die('This file is not publicly accessible.');
+
+	$config = [
+		'privateKey' => '<?= $configKey ?>'
+	];
+
+/* End of File */</textarea>
+	
+	<br /><br /><br />
+	<b>OCS Webserver application.ini config value</b>
+	<br />
+	images.media.privateKey = &quot;<?= $configKey ?>&quot;
+	
+<?php
+	else:
+?>
+	<h1>Information</h1>
+	
+	Everything is up and running! For the private key please refer to the config.php file.
+<?php
+	endif;
+?>
+</body>
+</html>