diff --git a/.github/workflows/backend.yml b/.github/workflows/backend.yml
index 15cfe2d..31bb04e 100644
--- a/.github/workflows/backend.yml
+++ b/.github/workflows/backend.yml
@@ -19,4 +19,5 @@ jobs:
 allow-dirty: "true"
 no-test: "true"
 secrets: |
- JWT_SECRET='${{ secrets.JWT_SECRET }}'
\ No newline at end of file
+ JWT_SECRET='${{ secrets.JWT_SECRET }}'
+ REGISTER_KEY='${{ secrets.REGISTER_KEY }}'
\ No newline at end of file
diff --git a/backend/src/handlers/authentication/mod.rs b/backend/src/handlers/authentication/mod.rs
index 7161cd0..e71e5fe 100644
--- a/backend/src/handlers/authentication/mod.rs
+++ b/backend/src/handlers/authentication/mod.rs
@@ -29,6 +29,7 @@ pub struct RegisterRequest {
 pub username: String,
 pub email: String,
 pub password: String,
+ pub key: String,
 }
 #[derive(Debug, Serialize, Deserialize)]
diff --git a/backend/src/handlers/authentication/register.rs b/backend/src/handlers/authentication/register.rs
index e531426..8446712 100644
--- a/backend/src/handlers/authentication/register.rs
+++ b/backend/src/handlers/authentication/register.rs
@@ -7,6 +7,10 @@ use axum::extract::State;
 use axum::Json;
 pub async fn register(State(state): State, JsonExtractor(body): JsonExtractor) -> Result, UserError> {
+ if body.key != state.secrets.get("REGISTER_KEY").unwrap() {
+ return Err(UserError::NotFound("Invalid key".to_string()));
+ }
+
+ if body.email.is_empty() || body.password.is_empty() {
 return Err(UserError::NotFound("Email and password are required".to_string()));
 }
diff --git a/backend/src/main.rs b/backend/src/main.rs
index 56bf2aa..5adbb17 100644
--- a/backend/src/main.rs
+++ b/backend/src/main.rs
@@ -12,6 +12,7 @@ use sqlx::PgPool;
 #[derive(Clone)]
 pub struct AppState {
 pool: PgPool,
+ secrets: SecretStore,
 }
 #[shuttle_runtime::main]
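Review bot: The new `key` field carries a shared registration secret next to `password`, and nothing in the hunk documents that or keeps it out of logs. RegisterRequest's own derive line is above the hunk; if it derives `Debug` like the struct that follows, any `{:?}` of the request would print both values. I would add `/// Shared registration key, checked against the REGISTER_KEY secret in register(); never log.` above the field, and, if the request is ever debug-logged, implement `Debug` by hand so that `password` and `key` are redacted.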
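Review bot: `state.secrets.get("REGISTER_KEY").unwrap()` in the first added line runs on every unauthenticated register request, so a deployment without that secret panics in the handler instead of rejecting, and an empty configured secret would accept an empty `key`. Failing closed covers both: `let expected = state.secrets.get("REGISTER_KEY").unwrap_or_default();` followed by `if expected.is_empty() || body.key != expected {`. The `!=` on strings returns at the first differing byte; if the key has to resist guessing, a constant-time comparison (for example `ConstantTimeEq` from the `subtle` crate, which would be a new dependency) plus rate limiting on this route would be the stronger form. `UserError::NotFound` matches the existing validation branch below, though an unauthorized or forbidden variant would describe this failure better if `UserError` has one, which is not visible here. The body of `register` continues past the end of the hunk.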
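Review bot: Putting the whole `SecretStore` into `AppState` gives every handler access to every deployment secret, including `JWT_SECRET`, and because `AppState` derives `Clone` the store is cloned along with the state. Only the register handler needs one value, so a narrower field such as `register_key: String`, filled once in `main` with `secrets.get("REGISTER_KEY").expect("REGISTER_KEY not found")`, limits what a handler bug can expose and moves the missing-secret failure to startup, the way `init_vars` already treats `JWT_SECRET`. The same applies to the `AppState { pool, secrets }` construction in the next hunk of this file. A short doc comment on the field saying what it holds and that it must not be logged would also help.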
@@ -21,11 +22,11 @@ async fn main(
 ) -> shuttle_axum::ShuttleAxum {
 // init_tracing();
- init_vars(secrets);
+ init_vars(&secrets);
 run_migrations(&pool).await;
- let state = AppState { pool };
+ let state = AppState { pool, secrets };
 let app = app_router(state.clone()).with_state(state);
@@ -54,7 +55,7 @@ async fn run_migrations(pool: &PgPool) {
 .expect("Failed to run migrations");
 }
-fn init_vars(secrets: SecretStore) {
+fn init_vars(secrets: &SecretStore) {
 let jwt_secret = secrets.get("JWT_SECRET").expect("JWT_SECRET not found");
 std::env::set_var("JWT_SECRET", jwt_secret);