diff --git a/Makefile b/Makefile
index 0faec389f..6b5820b4a 100644
--- a/Makefile
+++ b/Makefile
@@ -35,6 +35,10 @@ bootstrap-with-docker: ## Build the image to run the app in Docker
 run-flask: ## Run flask
 	flask run -p 6011 --host=0.0.0.0
 
+.PHONY: purge-celery
+purge-celery: ## cf run-task notifications-api --command="celery -A run_celery.notify_celery purge -f" --name api_purge_celery
+	celery -A run_celery.notify_celery purge -f
+
 .PHONY: run-celery
 run-celery: ## Run celery, TODO remove purge for staging/prod
 	celery -A run_celery.notify_celery purge -f
diff --git a/app/config.py b/app/config.py
index 5b2fb1dca..a4a5c5368 100644
--- a/app/config.py
+++ b/app/config.py
@@ -88,17 +88,15 @@ class Config(object):
     API_HOST_NAME = os.environ.get('API_HOST_NAME')
 
     # secrets that internal apps, such as the admin app or document download, must use to authenticate with the API
-    ADMIN_CLIENT_ID = 'notify-admin'
+    ADMIN_CLIENT_ID = os.environ.get('ADMIN_CLIENT_ID')
     GOVUK_ALERTS_CLIENT_ID = 'govuk-alerts' # TODO: can remove?
-
-    INTERNAL_CLIENT_API_KEYS = json.loads(
-        os.environ.get('INTERNAL_CLIENT_API_KEYS', '{"notify-admin":["dev-notify-secret-key"]}')
-    ) # TODO: handled by varsfile?
-
-    # encyption secret/salt
     ADMIN_CLIENT_SECRET = os.environ.get('ADMIN_CLIENT_SECRET')
     SECRET_KEY = os.environ.get('SECRET_KEY')
     DANGEROUS_SALT = os.environ.get('DANGEROUS_SALT')
+    
+    INTERNAL_CLIENT_API_KEYS = json.loads(
+        os.environ.get('INTERNAL_CLIENT_API_KEYS', '{"'+ADMIN_CLIENT_ID+'":["'+ADMIN_CLIENT_SECRET+'"]}')
+    ) # TODO: better handled in manifest?
 
     # DB conection string
     SQLALCHEMY_DATABASE_URI = os.environ.get('SQLALCHEMY_DATABASE_URI')
@@ -119,7 +117,7 @@ class Config(object):
 
     # URL of redis instance
     REDIS_URL = os.environ.get('REDIS_URL')
-    REDIS_ENABLED = True
+    REDIS_ENABLED = False
     EXPIRE_CACHE_TEN_MINUTES = 600
     EXPIRE_CACHE_EIGHT_DAYS = 8 * 24 * 60 * 60
 
@@ -409,8 +407,6 @@ class Development(Config):
     DEBUG = True
     SQLALCHEMY_ECHO = False
 
-    REDIS_ENABLED = True
-
     CSV_UPLOAD_BUCKET_NAME = 'local-notifications-csv-upload'
     CONTACT_LIST_BUCKET_NAME = 'local-contact-list'
     TEST_LETTERS_BUCKET_NAME = 'development-test-letters'
@@ -549,9 +545,6 @@ class Live(Config):
     CHECK_PROXY_HEADER = True
     SES_STUB_URL = None
     CRONITOR_ENABLED = True
-    
-    # DEBUG = True
-    REDIS_ENABLED = True
 
     NOTIFY_LOG_PATH = os.environ.get('NOTIFY_LOG_PATH', 'application.log')
     REDIS_URL = os.environ.get('REDIS_URL')
diff --git a/manifest.yml b/manifest.yml
index c1ca4f5c6..af3ce5d3c 100644
--- a/manifest.yml
+++ b/manifest.yml
@@ -27,14 +27,17 @@ applications:
       NOTIFICATION_QUEUE_PREFIX: prototype_10x
       STATSD_HOST: localhost
 
-      INTERNAL_CLIENT_API_KEYS: '{"notify-admin":["dev-notify-secret-key"]}'
-      
       # Credentials variables
       DANGEROUS_SALT: ((DANGEROUS_SALT))
       SECRET_KEY: ((SECRET_KEY))
+      ADMIN_CLIENT_ID: ((ADMIN_CLIENT_ID))
+      ADMIN_CLIENT_SECRET: ((ADMIN_CLIENT_SECRET))
+      INTERNAL_CLIENT_API_KEYS: '{"notify-admin":["dev-notify-secret-key"]}'
       AWS_REGION: us-west-2
       AWS_PINPOINT_REGION: us-west-2
       AWS_US_TOLL_FREE_NUMBER: +18446120782
+      AWS_ACCESS_KEY_ID: ((AWS_ACCESS_KEY_ID))
+      AWS_SECRET_ACCESS_KEY: ((AWS_SECRET_ACCESS_KEY))
 
       DVLA_EMAIL_ADDRESSES: []