diff --git a/contrib/local-environment/oauth2-proxy-alpha-config.yaml b/contrib/local-environment/oauth2-proxy-alpha-config.yaml
index 5a99e6a8..2f18e459 100644
--- a/contrib/local-environment/oauth2-proxy-alpha-config.yaml
+++ b/contrib/local-environment/oauth2-proxy-alpha-config.yaml
@@ -1,8 +1,9 @@
 server:
   bindAddress: "0.0.0.0:4180"
 cookie:
-  secret: OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=
-  secure: false
+  secret:
+    value: OQINaROshtE9TcZkNAm-5Zs2Pv3xaWytBmc5W7sPX7w=
+  insecure: true
 providers:
   - id: oidc
     provider: oidc
diff --git a/oauthproxy.go b/oauthproxy.go
index c22ac5b2..4559d1f3 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -180,7 +180,7 @@ func NewOAuthProxy(opts *options.Options, validator func(string) bool) (*OAuthPr
 		refresh = fmt.Sprintf("after %s", opts.Session.Refresh)
 	}
 
-	logger.Printf("Cookie settings: name:%s insecure(http):%v scriptaccess:%v expiry:%s domains:%s path:%s samesite:%s refresh:%s", opts.Cookie.Name, opts.Cookie.Insecure, opts.Cookie.ScriptAccess, opts.Cookie.Expire, strings.Join(opts.Cookie.Domains, ","), opts.Cookie.Path, opts.Cookie.SameSite, refresh)
+	logger.Printf("Cookie settings: name:%s insecure(http):%v scriptaccess:%v expiry:%s domains:%s path:%s samesite:%s refresh:%s", opts.Cookie.Name, *opts.Cookie.Insecure, opts.Cookie.ScriptAccess, opts.Cookie.Expire, strings.Join(opts.Cookie.Domains, ","), opts.Cookie.Path, opts.Cookie.SameSite, refresh)
 
 	trustedIPs := ip.NewNetSet()
 	for _, ipStr := range opts.TrustedIPs {