diff --git a/boot.py b/boot.py
index f78ad6ab8..a5afa7a4c 100644
--- a/boot.py
+++ b/boot.py
@@ -1,13 +1,36 @@
 #!/usr/bin/env python
+from urlparse import urlunparse
+
 import release
+from jinja2 import Template
 from app import app
 from data.model.release import set_region_release
 from util.config.database import sync_database_with_config
+def create_jwtproxy_conf():
+  audience = urlunparse((
+    app.config.get('PREFERRED_URL_SCHEME'),
+    app.config.get('SERVER_HOSTNAME'), '', '', '', ''))
+
+  registry = audience + '/keys'
+
+  with open("/conf/jwtproxy_conf.yaml.jnj") as f:
+    template = Template(f.read())
+    rendered = template.render(
+      audience=audience,
+      registry=registry
+    )
+
+  with open('/conf/jwtproxy_conf.yaml', 'w') as f:
+    f.write(rendered)
+
+
+
 def main():
+  create_jwtproxy_conf()
+
   if app.config.get('SETUP_COMPLETE', False):
     sync_database_with_config(app.config)
diff --git a/conf/http-base.conf b/conf/http-base.conf
index 34116bb05..22f01aa52 100644
--- a/conf/http-base.conf
+++ b/conf/http-base.conf
@@ -37,8 +37,8 @@ map $http_x_forwarded_proto $proper_scheme {
 upstream web_app_server {
   server unix:/tmp/gunicorn_web.sock fail_timeout=0;
 }
-upstream jwtproxy {
-  server unix:/tmp/jwtproxy.sock fail_timeout=0;
+upstream jwtproxy_secscan {
+  server unix:/tmp/jwtproxy_secscan.sock fail_timeout=0;
 }
 upstream verbs_app_server {
   server unix:/tmp/gunicorn_verbs.sock fail_timeout=0;
diff --git a/conf/jwtproxy_conf.yaml b/conf/jwtproxy_conf.yaml.jnj
similarity index 63%
rename from conf/jwtproxy_conf.yaml
rename to conf/jwtproxy_conf.yaml.jnj
index 918bbac3e..969bbca14 100644
--- a/conf/jwtproxy_conf.yaml
+++ b/conf/jwtproxy_conf.yaml.jnj
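Review bot: create_jwtproxy_conf writes `PREFERRED_URL_SCHEME` and `SERVER_HOSTNAME` into the verifier config as bare YAML scalars and silently tolerates their absence: `app.config.get(...)` returns None when a key is unset, and urlunparse then yields an empty or scheme-only audience, so the rendered file carries an empty `audience:` and `registry: /keys` instead of boot failing. Index the config directly so a missing value is a KeyError at startup — `scheme = app.config['PREFERRED_URL_SCHEME']` / `hostname = app.config['SERVER_HOSTNAME']` — and quote the placeholders in the conf/jwtproxy_conf.yaml.jnj hunk (`audience: "{{ audience }}"`, `registry: "{{ registry }}"`) so a hostname containing YAML-significant characters cannot alter the parsed structure; Template is built without autoescape, so nothing else sanitizes these values. Replacing the gunicorn unix-socket key registry with the public scheme+hostname presumably means jwtproxy now fetches signing keys over the external URL, which deserves a one-line comment above `registry = audience + '/keys'` stating that it is intended. The hunk header counts 13 old and 36 new lines but fewer are visible here, so main's body appears to continue past what is shown.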
@@ -3,11 +3,11 @@ jwtproxy:
     enabled: false
   verifier_proxy:
     enabled: true
-    listen_addr: unix:/tmp/jwtproxy.sock
+    listen_addr: unix:/tmp/jwtproxy_secscan.sock
     verifier:
       upstream: unix:/tmp/gunicorn_web.sock
-      audience: quay
+      audience: {{ audience }}
       key_server:
         type: keyregistry
         options:
-          registry: unix:/tmp/gunicorn_web.sock
+          registry: {{ registry }}
diff --git a/conf/server-base.conf b/conf/server-base.conf
index 441ceb3e9..04513c122 100644
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@@ -50,7 +50,7 @@ location ~ ^/(v1/repositories|v2/auth)/ {
 }
 location /secscan/ {
-  proxy_pass http://jwtproxy;
+  proxy_pass http://jwtproxy_secscan;
 }
 location ~ ^/v2 {