diff --git a/lib/cmdlib.py b/lib/cmdlib.py
index 3e8602cafb858957deedfe0f9b5a9620d0fa6ea5..9d3ace57529c621d4fb5110bb644f712144b1dd0 100644
--- a/lib/cmdlib.py
+++ b/lib/cmdlib.py
@@ -5323,7 +5323,7 @@ def _GenerateDRBD8Branch(lu, primary, secondary, size, names, iv_name,
   """
   port = lu.cfg.AllocatePort()
   vgname = lu.cfg.GetVGName()
-  shared_secret = lu.cfg.GenerateDRBDSecret()
+  shared_secret = lu.cfg.GenerateDRBDSecret(lu.proc.GetECId())
   dev_data = objects.Disk(dev_type=constants.LD_LV, size=size,
                           logical_id=(vgname, names[0]))
   dev_meta = objects.Disk(dev_type=constants.LD_LV, size=128,
diff --git a/lib/config.py b/lib/config.py
index ed83610c610e39d8e344f526884e3ddde4fdaa6b..52bfe0fe2ead5236f75d66d5605f6adaa174db35 100644
--- a/lib/config.py
+++ b/lib/config.py
@@ -138,6 +138,7 @@ class ConfigWriter:
     self._temporary_ids = TemporaryReservationManager()
     self._temporary_drbds = {}
     self._temporary_macs = TemporaryReservationManager()
+    self._temporary_secrets = TemporaryReservationManager()
     # Note: in order to prevent errors when resolving our name in
     # _DistributeConfig, we compute it here once and reuse it; it's
     # better to raise an error before starting to modify the config
@@ -190,23 +191,15 @@ class ConfigWriter:
       self._temporary_macs.Reserve(mac, ec_id)
 
   @locking.ssynchronized(_config_lock, shared=1)
-  def GenerateDRBDSecret(self):
+  def GenerateDRBDSecret(self, ec_id):
     """Generate a DRBD secret.
 
     This checks the current disks for duplicates.
 
     """
-    all_secrets = self._AllDRBDSecrets()
-    retries = 64
-    while retries > 0:
-      secret = utils.GenerateSecret()
-      if secret not in all_secrets:
-        break
-      retries -= 1
-    else:
-      raise errors.ConfigurationError("Can't generate unique DRBD secret")
-    return secret
-
+    return self._temporary_secrets.Generate(self._AllDRBDSecrets(),
+                                            utils.GenerateSecret,
+                                            ec_id)
   def _AllLVs(self):
     """Compute the list of all LVs.
 
@@ -1429,4 +1422,5 @@ class ConfigWriter:
     """
     self._temporary_ids.DropECReservations(ec_id)
     self._temporary_macs.DropECReservations(ec_id)
+    self._temporary_secrets.DropECReservations(ec_id)