--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/cubicweb/pyramid/pyramid.ini.tmpl	Wed May 08 20:53:49 2019 +0200
@@ -0,0 +1,7 @@
+[main]
+
+cubicweb.session.secret = %(secret_1)s
+cubicweb.auth.authtkt.session.secret = %(secret_2)s
+cubicweb.auth.authtkt.persistent.secret = %(secret_3)s
+cubicweb.auth.authtkt.session.secure = no
+cubicweb.auth.authtkt.persistent.secure = no

--- a/cubicweb/pyramid/pyramidctl.py	Wed May 08 21:00:45 2019 +0200
+++ b/cubicweb/pyramid/pyramidctl.py	Wed May 08 20:53:49 2019 +0200
@@ -39,8 +39,10 @@
 from cubicweb.cwconfig import CubicWebConfiguration as cwcfg
 from cubicweb.cwctl import CWCTL, InstanceCommand, init_cmdline_log_threshold
 from cubicweb.pyramid import wsgi_application_from_cwconfig
+from cubicweb.pyramid.config import get_random_secret_key
 from cubicweb.server import serverctl, set_debug
 from cubicweb.web.webctl import WebCreateHandler
+from cubicweb.toolsutils import fill_templated_file
 
 import waitress
 
@@ -50,6 +52,18 @@
 LOG_LEVELS = ('debug', 'info', 'warning', 'error')
 
 
+def _generate_pyramid_ini_file(pyramid_ini_path):
+    """Write a 'development.ini' file into apphome."""
+    template_fpath = os.path.join(os.path.dirname(__file__), 'pyramid.ini.tmpl')
+    target_fpath = os.path.join(pyramid_ini_path)
+    context = {
+        'secret_1': get_random_secret_key(),
+        'secret_2': get_random_secret_key(),
+        'secret_3': get_random_secret_key(),
+    }
+    fill_templated_file(template_fpath, target_fpath, context)
+
+
 class PyramidCreateHandler(serverctl.RepositoryCreateHandler,
                            WebCreateHandler):
     cfgname = 'pyramid'
@@ -72,7 +86,7 @@
         """bootstrap this configuration"""
         serverctl.RepositoryCreateHandler.bootstrap(self, cubes, automatic, inputlevel)
         WebCreateHandler.bootstrap(self, cubes, automatic, inputlevel)
-        # TODO: write pyramid.ini file
+        _generate_pyramid_ini_file(os.path.join(self.config.apphome, "pyramid.ini"))
 
 
 class PyramidStartHandler(InstanceCommand):
@@ -332,6 +346,10 @@
         filelist_path = os.path.join(cwconfig.apphome,
                                      '.pyramid-reload-files.list')
 
+        pyramid_ini_path = os.path.join(cwconfig.apphome, "pyramid.ini")
+        if not os.path.exists(pyramid_ini_path):
+            _generate_pyramid_ini_file(pyramid_ini_path)
+
         if autoreload and not os.environ.get(self._reloader_environ_key):
             return self.restart_with_reloader(filelist_path)
 

--- a/cubicweb/pyramid/session.py	Wed May 08 21:00:45 2019 +0200
+++ b/cubicweb/pyramid/session.py	Wed May 08 20:53:49 2019 +0200
@@ -261,23 +261,6 @@
 
     See also :ref:`defaults_module`
     """
-    settings = config.registry.settings
-    try:
-        secret = settings['cubicweb.session.secret']
-    except KeyError:
-        secret = 'notsosecret'
-        if config.registry['cubicweb.config'].mode != 'test':
-            warnings.warn('''
-
-                !! WARNING !! !! WARNING !!
-
-                The session cookies are signed with a static secret key.
-                To put your own secret key, edit your pyramid.ini file
-                and set the 'cubicweb.session.secret' key.
-
-                YOU SHOULD STOP THIS INSTANCE unless your really know what you
-                are doing !!
-
-            ''')
+    secret = config.registry.settings['cubicweb.session.secret']
     session_factory = CWSessionFactory(secret)
     config.set_session_factory(session_factory)