diff --git a/development.ini b/development.ini
--- a/development.ini
+++ b/development.ini
@@ -112,6 +112,7 @@ initial_repo_scan = true
 archive_cache_dir = %(here)s/tarballcache
 
 ## change this to unique ID for security
+#app_instance_uuid = VERY-SECRET
 app_instance_uuid = development-not-secret
 
 ## cut off limit for large diffs (size in bytes)
@@ -286,6 +287,7 @@ beaker.session.httponly = true
 beaker.session.timeout = 2592000
 
 ## Server secret used with HMAC to ensure integrity of cookies.
+#beaker.session.secret = VERY-SECRET
 beaker.session.secret = development-not-secret
 ## Further, encrypt the data with AES.
 #beaker.session.encrypt_key = <key_for_encryption>
diff --git a/kallithea/lib/inifile.py b/kallithea/lib/inifile.py
--- a/kallithea/lib/inifile.py
+++ b/kallithea/lib/inifile.py
@@ -64,7 +64,7 @@ def expand(template, desc, mako_variable
     [first-section]
     <BLANKLINE>
     variable=VALUE
-    #variable2 = value after tab
+    #variable2  =    value after tab
     variable2 = VAL2
     <BLANKLINE>
     <BLANKLINE>
@@ -92,9 +92,8 @@ def expand(template, desc, mako_variable
                 key, value = m.groups()
                 line = m.group(0)
                 if key in section_settings:
-                    line = '%s = %s' % (key, section_settings[key])
-                    if '$' not in value:
-                        line = '#%s = %s\n%s' % (key, value, line)
+                    # keep old entry as example - comments might refer to it
+                    line = '#%s\n%s = %s' % (line, key, section_settings[key])
                 return line.rstrip()
 
             # process lines that not are comments or empty and look like name=value
diff --git a/kallithea/tests/test.ini b/kallithea/tests/test.ini
--- a/kallithea/tests/test.ini
+++ b/kallithea/tests/test.ini
@@ -108,6 +108,7 @@ initial_repo_scan = false
 archive_cache_dir = %(here)s/tarballcache
 
 ## change this to unique ID for security
+#app_instance_uuid = VERY-SECRET
 app_instance_uuid = test
 
 ## cut off limit for large diffs (size in bytes)
@@ -284,6 +285,7 @@ beaker.session.httponly = true
 beaker.session.timeout = 2592000
 
 ## Server secret used with HMAC to ensure integrity of cookies.
+#beaker.session.secret = VERY-SECRET
 beaker.session.secret = {74e0cd75-b339-478b-b129-07dd221def1f}
 ## Further, encrypt the data with AES.
 #beaker.session.encrypt_key = <key_for_encryption>
diff --git a/scripts/generate-ini.py b/scripts/generate-ini.py
--- a/scripts/generate-ini.py
+++ b/scripts/generate-ini.py
@@ -17,7 +17,7 @@ mako_variable_values = {
     'http_server': 'waitress',
     'host': '127.0.0.1',
     'port': '5000',
-    'uuid': lambda: '${app_instance_uuid}',
+    'uuid': lambda: 'VERY-SECRET',
 }
 
 # files to be generated from the mako template