diff --git a/.env.example b/.env.example
index 1e0936c..45209d9 100644
--- a/.env.example
+++ b/.env.example
@@ -1,3 +1,2 @@
 ROLLBAR_POST_SERVER_ITEM_ACCESS_TOKEN=
 ROLLBAR_POST_CLIENT_ITEM_ACCESS_TOKEN=
-WEBAUTHN_ORIGIN=http://localhost:3000
diff --git a/.env.test b/.env.test
deleted file mode 100644
index 508d977..0000000
--- a/.env.test
+++ /dev/null
@@ -1 +0,0 @@
-WEBAUTHN_ORIGIN=http://localhost:3030
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 24cac99..f7c564d 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -23,7 +23,7 @@ def current_user
 def relying_party
 @relying_party ||= WebAuthn::RelyingParty.new(
- origin: ENV["WEBAUTHN_ORIGIN"],
+ origin: Rails.configuration.webauthn_origin,
 name: "WebAuthn Rails Demo App"
 )
 end
diff --git a/config/environments/development.rb b/config/environments/development.rb
index f1ab6a0..57175af 100644
--- a/config/environments/development.rb
+++ b/config/environments/development.rb
@@ -64,4 +64,6 @@
 # Uncomment if you wish to allow Action Cable access from any origin.
 # config.action_cable.disable_request_forgery_protection = true
+
+ config.webauthn_origin = 'http://localhost:3000'
 end
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 5eb250a..504abd4 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -83,5 +83,7 @@
 # Do not dump schema after migrations.
 config.active_record.dump_schema_after_migration = false
- config.middleware.use(Rack::HostRedirect, "webauthn.herokuapp.com" => URI(ENV["WEBAUTHN_ORIGIN"]).host)
+ config.webauthn_origin = 'https://webauthn.cedarcode.com'
+
+ config.middleware.use(Rack::HostRedirect, "webauthn.herokuapp.com" => URI(config.webauthn_origin).host)
 end
diff --git a/config/environments/test.rb b/config/environments/test.rb
index eb87d15..8647522 100644
--- a/config/environments/test.rb
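Review bot: In app/controllers/application_controller.rb, `relying_party` now reads a custom setting that only the three environment files changed in this commit define, and it reads it on first use rather than at boot. As far as I know Rails raises `NoMethodError` for a custom config key that was never assigned, so an extra environment (staging, a review app) would start cleanly and then fail on its first WebAuthn request. A comment above the method would make the requirement visible: `# Origin that WebAuthn responses are verified against; every config/environments/*.rb must set config.webauthn_origin.`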
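Review bot: In config/environments/production.rb the expected origin is now a literal, with nothing next to it saying how exact it has to be. WebAuthn verification compares the origin reported by the browser with this value, so it has to match the scheme and host users actually reach, and a deployment under any other hostname needs this file edited. I would add `# Must equal the browser-visible origin (scheme and host); responses from any other origin fail verification.` above the assignment. The hunk shows only the tail of the configure block.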
+++ b/config/environments/test.rb
@@ -53,4 +53,6 @@
 # Annotate rendered view with file names.
 # config.action_view.annotate_rendered_view_with_filenames = true
+
+ config.webauthn_origin = 'http://localhost:3030'
 end
diff --git a/test/application_system_test_case.rb b/test/application_system_test_case.rb
index b53247c..2bad8a6 100644
--- a/test/application_system_test_case.rb
+++ b/test/application_system_test_case.rb
@@ -6,7 +6,7 @@ class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
 driven_by :selenium, using: (ENV["TEST_BROWSER"] || :chrome).to_sym, screen_size: [1400, 1400]
 setup do
- Capybara.app_host = ENV['WEBAUTHN_ORIGIN']
+ Capybara.app_host = Rails.configuration.webauthn_origin
 Capybara.server_host = "localhost"
 Capybara.server_port = 3030
 Capybara.default_max_wait_time = 20
diff --git a/test/controllers/registrations_controller_test.rb b/test/controllers/registrations_controller_test.rb
index cbedbe3..4105f58 100644
--- a/test/controllers/registrations_controller_test.rb
+++ b/test/controllers/registrations_controller_test.rb
@@ -38,7 +38,7 @@ class RegistrationsControllerTest < ActionDispatch::IntegrationTest
 public_key_credential = WebAuthn::FakeClient
- .new(ENV["WEBAUTHN_ORIGIN"])
+ .new(Rails.configuration.webauthn_origin)
 .create(challenge: challenge, user_verified: true)
 webauthn_credential = WebAuthn::Credential.from_create(public_key_credential)
diff --git a/test/system/add_credential_test.rb b/test/system/add_credential_test.rb
index b1396e7..db1a88b 100644
--- a/test/system/add_credential_test.rb
+++ b/test/system/add_credential_test.rb
@@ -5,7 +5,7 @@
 class AddCredentialTest < ApplicationSystemTestCase
 test "add credentials" do
- fake_origin = ENV['WEBAUTHN_ORIGIN']
+ fake_origin = Rails.configuration.webauthn_origin
 fake_client = WebAuthn::FakeClient.new(fake_origin, encoding: false)
 fixed_challenge = SecureRandom.random_bytes(32)
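Review bot: In test/application_system_test_case.rb, `Capybara.server_host` and `Capybara.server_port` in the `setup` block still repeat the host and port that `config.webauthn_origin` in config/environments/test.rb now owns, so changing one without the other makes every system test fail on origin verification. Deriving them keeps a single source: `origin = URI(Rails.configuration.webauthn_origin)`, then `Capybara.server_host = origin.host` and `Capybara.server_port = origin.port`. The `setup` block continues past the end of the hunk.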
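Review bot: In test/controllers/registrations_controller_test.rb the fake client is built from the same setting the controller verifies against, so the visible test can only exercise the matching-origin path. If no other test covers it, a companion case using a client for a different origin, for example `WebAuthn::FakeClient.new("https://other-origin.example")` (constructed value), should assert that registration is rejected; that is the check which would catch the origin setting being loosened or ignored. The test body starts and ends outside the hunk.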
diff --git a/test/system/registration_test.rb b/test/system/registration_test.rb
index 1d65bfb..931ce9c 100644
--- a/test/system/registration_test.rb
+++ b/test/system/registration_test.rb
@@ -5,7 +5,7 @@
 class RegistrationTest < ApplicationSystemTestCase
 test "register user" do
- fake_origin = ENV['WEBAUTHN_ORIGIN']
+ fake_origin = Rails.configuration.webauthn_origin
 fake_client = WebAuthn::FakeClient.new(fake_origin, encoding: false)
 fixed_challenge = SecureRandom.random_bytes(32)
diff --git a/test/system/sign_in_test.rb b/test/system/sign_in_test.rb
index 9f20349..905337c 100644
--- a/test/system/sign_in_test.rb
+++ b/test/system/sign_in_test.rb
@@ -5,7 +5,7 @@
 class SignInTest < ApplicationSystemTestCase
 test "register and then sign in" do
- fake_origin = ENV['WEBAUTHN_ORIGIN']
+ fake_origin = Rails.configuration.webauthn_origin
 fake_client = WebAuthn::FakeClient.new(fake_origin, encoding: false)
 fixed_challenge = SecureRandom.random_bytes(32)