diff --git a/actix-session/Cargo.toml b/actix-session/Cargo.toml
index f016d511f5..46c3570d30 100644
--- a/actix-session/Cargo.toml
+++ b/actix-session/Cargo.toml
@@ -30,7 +30,10 @@ redis-rs-tls-session = ["redis-rs-session", "redis/tokio-native-tls-comp"]
 [dependencies]
 actix-service = "2"
 actix-utils = "3"
-actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies"] }
+actix-web = { version = "4", default_features = false, features = [
+ "cookies",
+ "secure-cookies",
+] }
 anyhow = "1"
 async-trait = "0.1"
@@ -44,14 +47,27 @@ tracing = { version = "0.1.30", default-features = false, features = ["log"] }
 actix = { version = "0.13", default-features = false, optional = true }
 actix-redis = { version = "0.12", optional = true }
 futures-core = { version = "0.3.7", default-features = false, optional = true }
+secrecy = "0.8"
 # redis-rs-session
-redis = { version = "0.21", default-features = false, features = ["aio", "tokio-comp", "connection-manager"], optional = true }
+redis = { version = "0.21", default-features = false, features = [
+ "aio",
+ "tokio-comp",
+ "connection-manager",
+], optional = true }
 [dev-dependencies]
-actix-session = { path = ".", features = ["cookie-session", "redis-actor-session", "redis-rs-session"] }
+actix-session = { path = ".", features = [
+ "cookie-session",
+ "redis-actor-session",
+ "redis-rs-session",
+] }
 actix-test = "0.1.0-beta.10"
-actix-web = { version = "4", default_features = false, features = ["cookies", "secure-cookies", "macros"] }
+actix-web = { version = "4", default_features = false, features = [
+ "cookies",
+ "secure-cookies",
+ "macros",
+] }
 env_logger = "0.9"
 log = "0.4"
diff --git a/actix-session/src/session.rs b/actix-session/src/session.rs
index 35aaaa3f28..3ff3ea1593 100644
--- a/actix-session/src/session.rs
+++ b/actix-session/src/session.rs
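Review bot: In the second `Cargo.toml` hunk, `secrecy = "0.8"` is an unconditional dependency, but it is added directly after the three `optional = true` entries and just above the `# redis-rs-session` comment, so it reads as part of a feature-gated group. `session.rs` and `session_key.rs` use it whatever features are enabled, so it belongs with the always-on entries such as `anyhow` and `async-trait` (the rest of that list is outside the hunk). The reflowed `actix-web` entries in both hunks also keep the deprecated `default_features` spelling while `redis` and `tracing` use `default-features`; since those lines are rewritten anyway, `default-features = false` would make them consistent.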
@@ -17,6 +17,8 @@ use anyhow::Context;
 use derive_more::{Display, From};
 use serde::{de::DeserializeOwned, Serialize};
+use crate::storage::SessionKey;
+
 /// The primary interface to access and modify session state.
 ///
 /// [`Session`] is an [extractor](#impl-FromRequest)—you can specify it as an input type for your
@@ -77,6 +79,7 @@ impl Default for SessionStatus {
 struct SessionInner {
 state: HashMap,
 status: SessionStatus,
+ session_key: Option,
 }
 impl Session {
@@ -101,7 +104,15 @@ impl Session {
 Ok(None)
 }
 }
-
+ /// Get a the session key itself from the overall session.
+ ///
+ /// Retrieve the overall session key
+ pub fn get_session_key(&self) -> secrecy::Secret {
+ todo!("either grab the key or figure out how to populate InnerSession session_key field");
+ // let key = Session::set_session(&mut self.0., self.0);
+ let key = self.0.borrow().session_key.clone(); //
+ secrecy::Secret::new(key.unwrap())
+ }
 /// Get all raw key-value data from the session.
 ///
 /// Note that values are JSON encoded.
diff --git a/actix-session/src/storage/session_key.rs b/actix-session/src/storage/session_key.rs
index ad5c47a1d1..799e8b7f3c 100644
--- a/actix-session/src/storage/session_key.rs
+++ b/actix-session/src/storage/session_key.rs
@@ -1,6 +1,7 @@
 use std::convert::TryFrom;
 use derive_more::{Display, From};
+use secrecy::Secret;
 /// A session key, the string stored in a client-side cookie to associate a user with its session
 /// state on the backend.
@@ -17,8 +18,8 @@ use derive_more::{Display, From};
 /// let session_key: Result = key.try_into();
 /// assert!(session_key.is_err());
 /// ```
-#[derive(Debug, PartialEq, Eq)]
-pub struct SessionKey(String);
+#[derive(Debug, Clone)]
+pub struct SessionKey(secrecy::Secret);
 impl TryFrom for SessionKey {
 type Error = InvalidSessionKeyError;
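Review bot: In the third `session.rs` hunk, `get_session_key` opens with `todo!(...)`, so every call to this new `pub` method panics and the two statements after it are unreachable. With the `todo!` removed, `key.unwrap()` would still panic whenever `session_key` is `None`, and nothing visible in this diff ever sets the field added to `SessionInner` in the previous hunk. I would return an `Option` of the same secret type, built with `self.0.borrow().session_key.clone().map(secrecy::Secret::new)`, and populate the field where the middleware loads or creates the session (not shown here). The doc comment has a typo ("Get a the") and should state that the value is the bearer credential for the session, so callers must not log or persist it.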
@@ -30,17 +31,23 @@ impl TryFrom for SessionKey {
 )
 .into());
 }
-
- Ok(SessionKey(val))
+ let val_secret = Secret::new(val);
+ Ok(SessionKey(val_secret))
 }
 }
-impl AsRef for SessionKey {
- fn as_ref(&self) -> &str {
+impl AsRef> for SessionKey {
+ fn as_ref(&self) -> &secrecy::Secret {
 &self.0
 }
 }
+impl secrecy::Zeroize for SessionKey {
+ fn zeroize(&mut self) {
+ self.0.zeroize();
+ }
+}
+
 impl From for String {
 fn from(key: SessionKey) -> Self {
 key.0
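Review bot: The unchanged `From<SessionKey> for String` impl at the end of this hunk still returns `key.0`, which is now the `Secret` wrapper rather than a `String`, so as shown it should no longer type-check (the page has lost its generic parameters, so I am inferring `Secret<String>`). It would need something like `key.0.expose_secret().clone()` with `use secrecy::ExposeSecret;`, and that conversion then becomes the one place where the key leaves the wrapper in plaintext, which deserves a comment on the impl. Replacing `AsRef<str>` here and dropping `PartialEq, Eq` in the earlier `session_key.rs` hunk breaks any storage backend or test that called `key.as_ref()` for a `&str` or compared keys; those call sites are not in this diff and need updating in the same change. The `from` body closes outside the hunk.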