diff --git a/api/crypto/ecdsa.go b/api/crypto/ecdsa.go
index f2b87d639..35cc0b283 100644
--- a/api/crypto/ecdsa.go
+++ b/api/crypto/ecdsa.go
@@ -8,8 +8,6 @@ import (
 "encoding/base64"
 "encoding/hex"
 "math/big"
-
- "github.com/portainer/portainer"
 )
 const (
@@ -105,10 +103,10 @@ func (service *ECDSAService) GenerateKeyPair() ([]byte, []byte, error) {
 // CreateSignature creates a digital signature.
 // It automatically hash a specific message using MD5 and creates a signature from
 // that hash.
+// If a secret is associated to the service, it will be used instead of the specified
+// message.
 // It then encodes the generated signature in base64.
-func (service *ECDSAService) CreateSignature() (string, error) {
-
- message := portainer.PortainerAgentSignatureMessage
+func (service *ECDSAService) CreateSignature(message string) (string, error) {
 if service.secret != "" {
 message = service.secret
 }
diff --git a/api/docker/client.go b/api/docker/client.go
index 913e5dd87..aebec1adb 100644
--- a/api/docker/client.go
+++ b/api/docker/client.go
@@ -67,7 +67,7 @@ func createAgentClient(endpoint *portainer.Endpoint, signatureService portainer.
 return nil, err
 }
- signature, err := signatureService.CreateSignature()
+ signature, err := signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
 if err != nil {
 return nil, err
 }
diff --git a/api/exec/swarm_stack.go b/api/exec/swarm_stack.go
index f41a581db..da781b030 100644
--- a/api/exec/swarm_stack.go
+++ b/api/exec/swarm_stack.go
@@ -140,7 +140,7 @@ func (manager *SwarmStackManager) updateDockerCLIConfiguration(dataPath string)
 return err
 }
- signature, err := manager.signatureService.CreateSignature()
+ signature, err := manager.signatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
 if err != nil {
 return err
 }
diff --git a/api/http/handler/websocket/websocket_exec.go b/api/http/handler/websocket/websocket_exec.go
index 6f2d07d22..ba4a9d7e6 100644
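Review bot: Now that `message` is chosen by the caller of `CreateSignature`, the MD5 digest named in the doc comment is applied to arbitrary input, and MD5 is not collision resistant, so two distinct messages can end up covered by one signature. The hashing code sits below this hunk, so this is inferred from the comment only; if it holds, a SHA-256 digest such as `sha256.Sum256([]byte(message))` would be the safer choice, with the verifying side changed in step. Separately, when `service.secret` is set the argument is discarded without any signal to the caller, and the added comment would be more precise as `// If the service has a secret configured, the secret is signed and message is ignored.`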
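Review bot: Every call site touched by this commit (here in `createAgentClient`, and likewise in `updateDockerCLIConfiguration`, `proxyWebsocketRequest` and `proxyDockerRequest`) passes the same constant `portainer.PortainerAgentSignatureMessage`, so the signed value is identical for every request. As far as these hunks show, nothing request-specific such as method, path, timestamp or nonce is covered, which means a signature seen once stays valid for later requests unless the receiving side enforces freshness itself. The new `message` parameter makes it possible to bind the signature to per-request data; that is worth a follow-up, or at least a comment at the constant such as `// The signature over this fixed message only identifies the sender; it is not bound to a request.` The enclosing functions start and end outside the hunks.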
--- a/api/http/handler/websocket/websocket_exec.go
+++ b/api/http/handler/websocket/websocket_exec.go
@@ -111,7 +111,7 @@ func (handler *Handler) proxyWebsocketRequest(w http.ResponseWriter, r *http.Req
 }
 }
- signature, err := handler.SignatureService.CreateSignature()
+ signature, err := handler.SignatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
 if err != nil {
 return err
 }
diff --git a/api/http/proxy/docker_transport.go b/api/http/proxy/docker_transport.go
index 2476685cc..7521ee337 100644
--- a/api/http/proxy/docker_transport.go
+++ b/api/http/proxy/docker_transport.go
@@ -64,7 +64,7 @@ func (p *proxyTransport) proxyDockerRequest(request *http.Request) (*http.Respon
 request.URL.Path = path
 if p.enableSignature {
- signature, err := p.SignatureService.CreateSignature()
+ signature, err := p.SignatureService.CreateSignature(portainer.PortainerAgentSignatureMessage)
 if err != nil {
 return nil, err
 }
diff --git a/api/portainer.go b/api/portainer.go
index 2e9ef97d2..6479a2a53 100644
--- a/api/portainer.go
+++ b/api/portainer.go
@@ -683,7 +683,7 @@ type (
 GenerateKeyPair() ([]byte, []byte, error)
 EncodedPublicKey() string
 PEMHeaders() (string, string)
- CreateSignature() (string, error)
+ CreateSignature(message string) (string, error)
 }
 // JWTService represents a service for managing JWT tokens
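Review bot: The interface method `CreateSignature(message string) (string, error)` in api/portainer.go has no comment, so the rule that an implementation may sign a configured secret instead of `message` is only stated in ecdsa.go. A caller reading the interface would reasonably assume the returned signature covers the string it passed in. I would add above the method `// CreateSignature signs message, or the service's configured secret when one is set, and returns the base64-encoded signature.` The interface declaration begins above this hunk, so its name and any existing type-level comment are not visible here.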