diff --git a/config/initializers/gitlab_shell_secret_token.rb b/config/initializers/gitlab_shell_secret_token.rb
index 751fccead07c09537c7820da47a16cf2c01dcaa3..7454c33c9ddafd5ee0694b415eb602722096d109 100644
--- a/config/initializers/gitlab_shell_secret_token.rb
+++ b/config/initializers/gitlab_shell_secret_token.rb
@@ -1,19 +1 @@
-# Be sure to restart your server when you modify this file.
-
-require 'securerandom'
-
-# Your secret key for verifying the gitlab_shell.
-
-
-secret_file = Gitlab.config.gitlab_shell.secret_file
-
-unless File.exist? secret_file
- # Generate a new token of 16 random hexadecimal characters and store it in secret_file.
- token = SecureRandom.hex(16)
- File.write(secret_file, token)
-end
-
-link_path = File.join(Gitlab.config.gitlab_shell.path, '.gitlab_shell_secret')
-if File.exist?(Gitlab.config.gitlab_shell.path) && !File.exist?(link_path)
- FileUtils.symlink(secret_file, link_path)
-end
+Gitlab::Shell.new.generate_and_link_secret_token
diff --git a/lib/gitlab/backend/shell.rb b/lib/gitlab/backend/shell.rb
index e31840ef9190451ba8004d0194142cdd235a2d57..34e0143a82ee793bce189617e36fd9cce4ff4306 100644
--- a/lib/gitlab/backend/shell.rb
+++ b/lib/gitlab/backend/shell.rb
@@ -1,3 +1,5 @@
+require 'securerandom'
+
 module Gitlab
 class Shell
 class Error < StandardError; end
@@ -188,6 +190,21 @@ module Gitlab
 File.exist?(full_path(storage, dir_name))
 end
+ # Create (if necessary) and link the secret token file
+ def generate_and_link_secret_token
+ secret_file = Gitlab.config.gitlab_shell.secret_file
+ unless File.exist? secret_file
+ # Generate a new token of 16 random hexadecimal characters and store it in secret_file.
+ token = SecureRandom.hex(16)
+ File.write(secret_file, token)
+ end
+
+ link_path = File.join(gitlab_shell_path, '.gitlab_shell_secret')
+ if File.exist?(gitlab_shell_path) && !File.exist?(link_path)
+ FileUtils.symlink(secret_file, link_path)
+ end
+ end
+
 protected
 def gitlab_shell_path
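Review bot: `File.write(secret_file, token)` in `generate_and_link_secret_token` creates the secret with whatever mode the process umask allows, so under a permissive umask the gitlab-shell token can end up readable by other local accounts; creating it owner-only with `File.write(secret_file, token, perm: 0o600)` closes that. The guard `unless File.exist? secret_file` also accepts an empty file left by an interrupted write as a valid secret, whereas `File.size?(secret_file)` would regenerate it. The comment on the token line says 16 hexadecimal characters, but `SecureRandom.hex(16)` returns 32 (16 random bytes); suggest `# Generate a 32-character hex token (16 random bytes) and store it in secret_file.`. The file now requires only 'securerandom' while the method also calls `FileUtils.symlink`; that presumably works because fileutils is already loaded at boot, but an explicit `require 'fileutils'` would remove the dependence on load order.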
diff --git a/lib/tasks/gitlab/shell.rake b/lib/tasks/gitlab/shell.rake
index 263798e9c2261449e4bdc8f4d194b53c2b58b0f3..c85ebdf8619b0072f1264b211a4119df3c8119d0 100644
--- a/lib/tasks/gitlab/shell.rake
+++ b/lib/tasks/gitlab/shell.rake
@@ -71,6 +71,8 @@ namespace :gitlab do
 File.open(File.join(home_dir, ".ssh", "environment"), "w+") do |f|
 f.puts "PATH=#{ENV['PATH']}"
 end
+
+ Gitlab::Shell.new.generate_and_link_secret_token
 end
 desc "GitLab | Setup gitlab-shell"
diff --git a/spec/lib/gitlab/backend/shell_spec.rb b/spec/lib/gitlab/backend/shell_spec.rb
index e15f13f985b9831fe7ee2c6eeeac716b3ff45e6e..6e5ba21138210ba34d9212c30d6fc5bae044229e 100644
--- a/spec/lib/gitlab/backend/shell_spec.rb
+++ b/spec/lib/gitlab/backend/shell_spec.rb
@@ -21,6 +21,29 @@ describe Gitlab::Shell, lib: true do
 it { expect(gitlab_shell.url_to_repo('diaspora')).to eq(Gitlab.config.gitlab_shell.ssh_path_prefix + "diaspora.git") }
+ describe 'generate_and_link_secret_token' do
+ let(:secret_file) { 'tmp/tests/.secret_shell_test' }
+ let(:link_file) { 'tmp/tests/shell-secret-test/.gitlab_shell_secret' }
+
+ before do
+ allow(Gitlab.config.gitlab_shell).to receive(:path).and_return('tmp/tests/shell-secret-test')
+ allow(Gitlab.config.gitlab_shell).to receive(:secret_file).and_return(secret_file)
+ FileUtils.mkdir('tmp/tests/shell-secret-test')
+ gitlab_shell.generate_and_link_secret_token
+ end
+
+ after do
+ FileUtils.rm_rf('tmp/tests/shell-secret-test')
+ FileUtils.rm_rf(secret_file)
+ end
+
+ it 'creates and links the secret token file' do
+ expect(File.exist?(secret_file)).to be(true)
+ expect(File.symlink?(link_file)).to be(true)
+ expect(File.readlink(link_file)).to eq(secret_file)
+ end
+ end
+
 describe Gitlab::Shell::KeyAdder, lib: true do
 describe '#add_key' do
 it 'normalizes space characters in the key' do
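Review bot: The example in `describe 'generate_and_link_secret_token'` asserts only that the file exists and where the link points, so a regression in what is written as the secret would pass unnoticed; adding `expect(File.read(secret_file)).to match(/\A\h{32}\z/)` pins the token format produced by `SecureRandom.hex(16)`. Because `secret_file` is a relative path here, the link under `tmp/tests/shell-secret-test` stores a relative target, and `File.symlink?` and `File.readlink` succeed even when that target does not resolve from the link's directory, so the spec does not show that the secret is readable through the link. `FileUtils.mkdir` in the `before` block raises if the directory survived an aborted run; `FileUtils.mkdir_p` avoids that.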