diff --git a/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php b/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php
index 0dfbf0afa6..aba39b5fbe 100644
--- a/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php
+++ b/lib/Alchemy/Phrasea/Controller/Api/V1Controller.php
@@ -95,7 +95,7 @@ class V1Controller extends Controller
         $oAuth2Account = $token->getAccount();
         $oAuth2App = $oAuth2Account->getApplication();
 
-        $conf = $this->getConfiguration();
+        $conf = $this->getConf();
         if ($oAuth2App->getClientId() == \API_OAuth2_Application_Navigator::CLIENT_ID && !$conf->get(['registry', 'api-clients', 'navigator-enabled'])) {
             return Result::createError($request, 403, 'The use of Phraseanet Navigator is not allowed')->createResponse();
         }
@@ -268,7 +268,7 @@ class V1Controller extends Controller
 
         $ret['phraseanet']['environment'] = $this->app->getEnvironment();
         $ret['phraseanet']['debug'] = $this->app['debug'];
-        $conf = $this->getConfiguration();
+        $conf = $this->getConf();
         $ret['phraseanet']['maintenance'] = $conf->get(['main', 'maintenance']);
         $ret['phraseanet']['errorsLog'] = $this->app['debug'];
         $ret['phraseanet']['serverName'] = $conf->get('servername');
@@ -286,7 +286,7 @@ class V1Controller extends Controller
             $SEStatus = ['error' => $e->getMessage()];
         }
 
-        $conf = $this->getConfiguration();
+        $conf = $this->getConf();
         $binaries = $conf->get(['main', 'binaries']);
 
         return [
@@ -909,6 +909,8 @@ class V1Controller extends Controller
             $permalink = null;
         }
 
+        $key = $this->getConf()->get(['main', 'key']);
+
         return [
             'name' => $media->get_name(),
             'permalink' => $permalink,
@@ -2276,14 +2278,6 @@ class V1Controller extends Controller
         return $this->app['session'];
     }
 
-    /**
-     * @return PropertyAccess
-     */
-    private function getConfiguration()
-    {
-        return $this->app['conf'];
-    }
-
     /**
      * @return mixed
      */
diff --git a/lib/Alchemy/Phrasea/Core/Version.php b/lib/Alchemy/Phrasea/Core/Version.php
index 5047cb23fd..b21227ff07 100644
--- a/lib/Alchemy/Phrasea/Core/Version.php
+++ b/lib/Alchemy/Phrasea/Core/Version.php
@@ -13,7 +13,7 @@ namespace Alchemy\Phrasea\Core;
 
 class Version
 {
-    private $number = '4.0.0-alpha.1';
+    private $number = '4.0.0-alpha.2';
     private $name = 'Herrerasaurus';
 
     public function getNumber()
diff --git a/lib/Alchemy/Phrasea/Model/Entities/Secret.php b/lib/Alchemy/Phrasea/Model/Entities/Secret.php
new file mode 100644
index 0000000000..3040faf849
--- /dev/null
+++ b/lib/Alchemy/Phrasea/Model/Entities/Secret.php
@@ -0,0 +1,89 @@
+<?php
+/*
+ * This file is part of Phraseanet
+ *
+ * (c) 2005-2015 Alchemy
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+namespace Alchemy\Phrasea\Model\Entities;
+
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * @ORM\Table(name="Secrets")
+ * @ORM\Entity()
+ */
+class Secret
+{
+    /**
+     * @ORM\Column(type="integer")
+     * @ORM\Id
+     * @ORM\GeneratedValue
+     * @var int
+     */
+    private $id;
+
+    /**
+     * @ORM\Column(type="datetime")
+     * @var \DateTime
+     */
+    private $created;
+
+    /**
+     * @ORM\Column(type="binary_string", length=40)
+     * @var string
+     */
+    private $token;
+
+    /**
+     * @ORM\ManyToOne(targetEntity="User")
+     * @ORM\JoinColumn(name="creator_id", referencedColumnName="id", nullable=false)
+     * @var User
+     */
+    private $creator;
+
+    /**
+     * @param User   $creator
+     * @param string $token
+     */
+    public function __construct(User $creator, $token)
+    {
+        $this->created = new \DateTime();
+        $this->creator = $creator;
+        $this->token = (string) $token;
+    }
+
+    /**
+     * @return int
+     */
+    public function getId()
+    {
+        return $this->id;
+    }
+
+    /**
+     * @return \DateTime
+     */
+    public function getCreated()
+    {
+        return $this->created;
+    }
+
+    /**
+     * @return User
+     */
+    public function getCreator()
+    {
+        return $this->creator;
+    }
+
+    /**
+     * @return string
+     */
+    public function getToken()
+    {
+        return $this->token;
+    }
+}
diff --git a/lib/Alchemy/Phrasea/Setup/DoctrineMigrations/Version20150519173347.php b/lib/Alchemy/Phrasea/Setup/DoctrineMigrations/Version20150519173347.php
new file mode 100644
index 0000000000..3cfe5f9212
--- /dev/null
+++ b/lib/Alchemy/Phrasea/Setup/DoctrineMigrations/Version20150519173347.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Alchemy\Phrasea\Setup\DoctrineMigrations;
+
+use Doctrine\DBAL\Migrations\AbstractMigration as BaseMigration;
+use Doctrine\DBAL\Schema\Schema;
+
+class Version20150519173347 extends BaseMigration
+{
+    /**
+     * @param Schema $schema
+     */
+    public function up(Schema $schema)
+    {
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() != 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('CREATE TABLE Secrets (id INT AUTO_INCREMENT NOT NULL, creator_id INT NOT NULL, created DATETIME NOT NULL, token VARCHAR(40) COLLATE utf8_bin NOT NULL, INDEX IDX_48F428861220EA6 (creator_id), PRIMARY KEY(id)) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = InnoDB');
+        $this->addSql('ALTER TABLE Secrets ADD CONSTRAINT FK_48F428861220EA6 FOREIGN KEY (creator_id) REFERENCES Users (id)');
+    }
+
+    /**
+     * @param Schema $schema
+     */
+    public function down(Schema $schema)
+    {
+        $this->abortIf($this->connection->getDatabasePlatform()->getName() != 'mysql', 'Migration can only be executed safely on \'mysql\'.');
+
+        $this->addSql('DROP TABLE Secrets');
+    }
+}
diff --git a/lib/classes/base.php b/lib/classes/base.php
index 4d4c117368..b7052cce39 100644
--- a/lib/classes/base.php
+++ b/lib/classes/base.php
@@ -185,46 +185,47 @@ abstract class base implements cache_cacheableInterface
         $stmt->closeCursor();
 
         $ORMTables = [
-            'AuthFailures',
-            'ApiApplications',
+            'AggregateTokens',
             'ApiAccounts',
+            'ApiApplications',
             'ApiLogs',
             'ApiOauthCodes',
             'ApiOauthRefreshTokens',
             'ApiOauthTokens',
-            'AggregateTokens',
+            'AuthFailures',
             'BasketElements',
             'Baskets',
             'FeedEntries',
             'FeedItems',
             'FeedPublishers',
-            'FeedTokens',
             'Feeds',
+            'FeedTokens',
             'FtpCredential',
             'FtpExportElements',
             'FtpExports',
+            'LazaretAttributes',
+            'LazaretChecks',
+            'LazaretFiles',
+            'LazaretSessions',
             'OrderElements',
             'Orders',
             'Registrations',
+            'Secrets',
+            'SessionModules',
+            'Sessions',
             'StoryWZ',
+            'Tasks',
+            'UserNotificationSettings',
+            'UserQueries',
+            'Users',
+            'UserSettings',
+            'UsrAuthProviders',
             'UsrListOwners',
             'UsrLists',
             'UsrListsContent',
             'ValidationDatas',
             'ValidationParticipants',
             'ValidationSessions',
-            'LazaretAttributes',
-            'LazaretChecks',
-            'LazaretFiles',
-            'LazaretSessions',
-            'SessionModules',
-            'Sessions',
-            'Tasks',
-            'UsrAuthProviders',
-            'UserQueries',
-            'UserSettings',
-            'Users',
-            'UserNotificationSettings',
         ];
 
         foreach ($rs as $row) {
@@ -742,6 +743,7 @@ abstract class base implements cache_cacheableInterface
         foreach ($list_patches as $patch) {
             // Gets doctrine migrations required for current patch
             foreach ($patch->getDoctrineMigrations() as $doctrineVersion) {
+                /** @var \Doctrine\DBAL\Migrations\Version $version */
                 $version = $app['doctrine-migration.configuration']->getVersion($doctrineVersion);
                 // Skip if already migrated
                 if ($version->isMigrated()) {
@@ -750,17 +752,22 @@ abstract class base implements cache_cacheableInterface
 
                 $migration = $version->getMigration();
 
-                // Inject entity manager
-                $migration->setEntityManager($app['orm.em']);
+                // Handle legacy migrations
+                if ($migration instanceof \Alchemy\Phrasea\Setup\DoctrineMigrations\AbstractMigration) {
+                    // Inject entity manager
+                    $migration->setEntityManager($app['orm.em']);
 
-                // Execute migration if not marked as migrated and not already applied by an older patch
-                if (!$migration->isAlreadyApplied()) {
+                    // Execute migration if not marked as migrated and not already applied by an older patch
+                    if (!$migration->isAlreadyApplied()) {
+                        $version->execute('up');
+                        continue;
+                    }
+
+                    // Or mark it as migrated
+                    $version->markMigrated();
+                } else {
                     $version->execute('up');
-                    continue;
                 }
-
-                // Or mark it as migrated
-                $version->markMigrated();
             }
 
             if (false === $patch->apply($this, $app)) {
diff --git a/lib/classes/patch/400alpha2a.php b/lib/classes/patch/400alpha2a.php
new file mode 100644
index 0000000000..2b0e5141e6
--- /dev/null
+++ b/lib/classes/patch/400alpha2a.php
@@ -0,0 +1,63 @@
+<?php
+
+/*
+ * This file is part of Phraseanet
+ *
+ * (c) 2005-2015 Alchemy
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+use Alchemy\Phrasea\Application;
+
+class patch_400alpha2a implements patchInterface
+{
+    /** @var string */
+    private $release = '4.0.0-alpha.2';
+
+    /** @var array */
+    private $concern = [base::APPLICATION_BOX];
+
+    /**
+     * {@inheritdoc}
+     */
+    public function get_release()
+    {
+        return $this->release;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getDoctrineMigrations()
+    {
+        return [
+            '20150519173347',
+        ];
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function require_all_upgrades()
+    {
+        return false;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function concern()
+    {
+        return $this->concern;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function apply(base $databox, Application $app)
+    {
+        return true;
+    }
+}