diff --git a/Changelog.md b/Changelog.md
index 8d291cf8c..15d573b30 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -34,6 +34,15 @@ All notable changes to this project will be documented in this file.
     conf.statsd = my_client
   end
   ```
+* Load cloud secrets from Rails credentials (https://github.com/flippercloud/flipper/pull/782)
+  ```bash
+  $ rails credentials:edit
+  ```
+  ```yaml
+  flipper:
+    cloud_token: <your-cloud-token>
+    cloud_sync_secret: <your-webhook-secret>
+  ```
 
 ## 1.0.0
 
diff --git a/lib/flipper/engine.rb b/lib/flipper/engine.rb
index 75f69792d..168613f64 100644
--- a/lib/flipper/engine.rb
+++ b/lib/flipper/engine.rb
@@ -23,6 +23,10 @@ class Engine < Rails::Engine
     end
 
     initializer "flipper.default", before: :load_config_initializers do |app|
+      # Load cloud secrets from Rails credentials
+      ENV["FLIPPER_CLOUD_TOKEN"] ||= app.credentials.dig(:flipper, :cloud_token)
+      ENV["FLIPPER_CLOUD_SYNC_SECRET"] ||= app.credentials.dig(:flipper, :cloud_sync_secret)
+
       require 'flipper/cloud' if cloud?
 
       Flipper.configure do |config|
diff --git a/spec/flipper/engine_spec.rb b/spec/flipper/engine_spec.rb
index c445d876e..c94fe56fe 100644
--- a/spec/flipper/engine_spec.rb
+++ b/spec/flipper/engine_spec.rb
@@ -6,7 +6,7 @@
     Class.new(Rails::Application) do
       config.eager_load = false
       config.logger = ActiveSupport::Logger.new($stdout)
-    end
+    end.instance
   end
 
   before do
@@ -242,6 +242,40 @@
     end
   end
 
+  context 'with cloud secrets in Rails.credentials' do
+    around do |example|
+      # Create temporary directory for Rails.root to write credentials to
+      # Once Rails 5.2 support is dropped, this can all be replaced with
+      # `config.credentials.content_path = Tempfile.new.path`
+      Dir.mktmpdir do |dir|
+        Dir.chdir(dir) do
+          Dir.mkdir("#{dir}/config")
+
+          example.run
+        end
+      end
+    end
+
+    before do
+      # Set master key which is needed to write credentials
+      ENV["RAILS_MASTER_KEY"] = "a" * 32
+
+      application.credentials.write(YAML.dump({
+        flipper: {
+          cloud_token: "credentials-token",
+          cloud_sync_secret: "credentials-secret",
+        }
+      }))
+    end
+
+    it "enables cloud" do
+      application.initialize!
+      expect(ENV["FLIPPER_CLOUD_TOKEN"]).to eq("credentials-token")
+      expect(ENV["FLIPPER_CLOUD_SYNC_SECRET"]).to eq("credentials-secret")
+      expect(Flipper.instance).to be_a(Flipper::Cloud::DSL)
+    end
+  end
+
   it "includes model methods" do
     subject
     require 'active_record'