diff --git a/.gitignore b/.gitignore index 5613b9fb..40d7c773 100644 --- a/.gitignore +++ b/.gitignore @@ -37,3 +37,6 @@ Makefile release-* dump.rdb #priv/firmware.hex + +# this file isnt stored here but just in case. +fwup-key.priv diff --git a/config/hardware/host/hardware.exs b/config/hardware/host/hardware.exs index 99789871..ad23b2ab 100644 --- a/config/hardware/host/hardware.exs +++ b/config/hardware/host/hardware.exs @@ -1,4 +1,5 @@ use Mix.Config config :farmbot, path: "/tmp", - config_file_name: System.get_env("CONFIG_FILE_NAME") || "default_config.json" + config_file_name: System.get_env("CONFIG_FILE_NAME") || "default_config.json", + configurator_port: System.get_env("CONFIGURATOR_PORT") || 5000 diff --git a/config/prod.exs b/config/prod.exs index d198e4eb..e042e88a 100644 --- a/config/prod.exs +++ b/config/prod.exs @@ -32,7 +32,3 @@ config :logger, :ex_syslogger_info, facility: :kern, formatter: Farmbot.SysFormatter, option: [:pid, :cons] - -config :nerves_firmware, - priv_key_path: System.get_env("PRIV_KEY_PATH"), - pub_key_path: "/etc/fwup-key.pub" diff --git a/lib/farmbot.ex b/lib/farmbot.ex index ba158bcb..1c31ca79 100644 --- a/lib/farmbot.ex +++ b/lib/farmbot.ex @@ -13,6 +13,7 @@ defmodule Farmbot do def start(type, args) def start(_, _args) do Logger.info ">> init!" + :ok = setup_nerves_fw(Mix.env()) Amnesia.start Database.create! Keyword.put([], :memory, [node()]) Database.wait(15_000) 
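Review bot: `configurator_port` in the added line ends up as a string when CONFIGURATOR_PORT is set and as the integer 5000 when it is not, because `System.get_env/1` returns a binary. Whatever reads this key is outside the diff, but a listener option that expects an integer would presumably break only on hosts that set the variable. Normalising in the config keeps one type: `configurator_port: String.to_integer(System.get_env("CONFIGURATOR_PORT") || "5000")`.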
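Review bot: `:ok = setup_nerves_fw(Mix.env())` in start/2 calls Mix at runtime, and Mix is a build tool that is normally not part of a release, so on the device this line would likely raise UndefinedFunctionError before the supervisor starts (unless :mix is bundled, which the diff does not show). Capturing the value at compile time avoids that: add `@env Mix.env()` at module level and call `:ok = setup_nerves_fw(@env)`. The strict `:ok =` match is worth keeping, since it stops boot when the public key is missing rather than continuing without one. start/2 continues past the end of the hunk.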
@@ -47,4 +48,19 @@ defmodule Farmbot do opts = [strategy: :one_for_one] supervise(children, opts) end + + # This has to be at runtime because you cant access your own apps + # priv dir during Mix.Config. + defp setup_nerves_fw(:prod) do + Logger.info ">> Setting up firmware signing!" + file = "#{:code.priv_dir(:farmbot)}/fwup-key.pub" + Application.put_env(:nerves_firmware, :pub_key_path, file) + if File.exists?(file), do: :ok, else: {:error, :no_pub_file} + end + + defp setup_nerves_fw(_) do + Logger.info ">> Disabling firmware signing!" + Application.put_env(:nerves_firmware, :pub_key_path, nil) + :ok + end end diff --git a/lib/farmbot/system/filesystem/config_storage.ex b/lib/farmbot/system/filesystem/config_storage.ex index 78a1189d..62443069 100644 --- a/lib/farmbot/system/filesystem/config_storage.ex +++ b/lib/farmbot/system/filesystem/config_storage.ex @@ -71,7 +71,7 @@ defmodule Farmbot.System.FS.ConfigStorage do {:reply, read, state} end - def handle_call({:replace_config_file, new_state}, _, old_state) do + def handle_call({:replace_config_file, new_state}, _, _old_state) do write!(:ok, new_state) end diff --git a/lib/mix/tasks/sign.ex b/lib/mix/tasks/sign.ex new file mode 100644 index 00000000..3c68741f --- /dev/null +++ b/lib/mix/tasks/sign.ex @@ -0,0 +1,16 @@ +defmodule Mix.Tasks.Farmbot.Sign do + @moduledoc false + use Mix.Task + @shortdoc "Signs a fw image" + + def run([priv_key_path, out_file_path]) do + otp_app = Mix.Project.config[:app] + target = Mix.Project.config[:target] + fw_file = Path.join(["images", "#{Mix.env()}", "#{target}", "#{otp_app}.fw"]) + Mix.shell.info [:green, "Signing: #{fw_file} with: #{priv_key_path} to: #{out_file_path}"] + unless File.exists?(fw_file) do + raise "Could not find Firmware!" + end + System.cmd("fwup", ["-S", "-s", priv_key_path, "-i", fw_file, "-o", out_file_path]) + end +end diff --git a/mix.exs b/mix.exs index 43e74754..ea820629 100644 --- a/mix.exs +++ b/mix.exs 
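Review bot: The catch-all clause `setup_nerves_fw(_)` sets `:pub_key_path` to nil for every environment other than `:prod`, so a build made under any other env name (a staging env, say) starts with firmware signature checking switched off and only an info-level log line to show it. Listing the environments where that is intended, e.g. `defp setup_nerves_fw(env) when env in [:dev, :test] do`, makes an unexpected value fail at startup instead of silently running unsigned. How nerves_firmware treats a nil key is not visible here, so the effect is inferred from the log message. In the `:prod` clause, `File.exists?/1` only proves the file is present; a short comment saying that the key's content is not validated at this point would help the next reader.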
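Review bot: The result of `System.cmd("fwup", ...)` at the end of run/1 is discarded, so the task reports success even when fwup exits non-zero (wrong key path, unreadable image), and scripts/sign_release.sh then goes on to delete the unsigned image. Matching on the exit status makes a failed signing fail the task: `{_out, 0} = System.cmd("fwup", ["-S", "-s", priv_key_path, "-i", fw_file, "-o", out_file_path])`, or a `case` that calls `Mix.raise/1` with the captured output. run/1 also has a single two-element clause, so any other argument count ends in a FunctionClauseError; a second clause that raises with a usage line such as `mix farmbot.sign PRIV_KEY_PATH OUT_FILE` would be clearer for whoever runs the release.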
@@ -185,7 +185,9 @@ defmodule Farmbot.Mixfile do defp aliases(_system) do ["deps.precompile": ["nerves.precompile", "deps.precompile"], "deps.loadpaths": ["deps.loadpaths", "nerves.loadpaths"], - "firmware.upload": ["farmbot.upload"]] + "firmware.upload": ["farmbot.upload"], + "firmware.sign": ["farmbot.sign"] + ] end # the nerves_system_* dir to use for this build. diff --git a/config/hardware/rpi3/rootfs-additions-prod/etc/fwup-key.pub b/priv/fwup-key.pub similarity index 100% rename from config/hardware/rpi3/rootfs-additions-prod/etc/fwup-key.pub rename to priv/fwup-key.pub diff --git a/scripts/sign_release.sh b/scripts/sign_release.sh index cf9834ff..650923d4 100755 --- a/scripts/sign_release.sh +++ b/scripts/sign_release.sh @@ -6,5 +6,7 @@ REL_DIR=release-$VERSION FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION.fw SIGNED_FIRM_FILE_REL=$REL_DIR/farmbot-$SYSTEM-$VERSION-signed.fw -fwup -S -s $PRIV_KEY_PATH -i $FIRM_FILE_REL -o $SIGNED_FIRM_FILE_REL +MIX_ENV=prod MIX_TARGET=$SYSTEM mix firmware.sign $PRIV_KEY_PATH $SIGNED_FIRM_FILE_REL + +echo "Removing unsigned files!" rm $FIRM_FILE_REL
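Review bot: `$PRIV_KEY_PATH` and `$SIGNED_FIRM_FILE_REL` are passed unquoted on the new `mix firmware.sign` line, so a path containing spaces splits into extra arguments and an unset PRIV_KEY_PATH drops out of the argument list altogether. The `rm $FIRM_FILE_REL` that follows runs whether or not signing worked unless the script enables `set -e` above line 6, which is outside the hunk. Suggested: `MIX_ENV=prod MIX_TARGET=$SYSTEM mix firmware.sign "$PRIV_KEY_PATH" "$SIGNED_FIRM_FILE_REL" || exit 1`.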