diff --git a/docker/routlin-dash/app/pages/radius/action.py b/docker/routlin-dash/app/pages/radius/action.py
index d35bb4b..482d609 100644
--- a/docker/routlin-dash/app/pages/radius/action.py
+++ b/docker/routlin-dash/app/pages/radius/action.py
@@ -1,6 +1,22 @@
 from pathlib import Path
-from flask import Blueprint
+from flask import Blueprint, redirect, flash
+from auth import require_level
+from config_utils import queued_msg, CONFIGS_DIR
 
 _PAGE = Path(__file__).parent.name
 
 bp = Blueprint(_PAGE, __name__)
+
+RADIUS_SECRET_FILE = Path(CONFIGS_DIR) / '.radius-secret'
+
+
+@bp.route('/action/radius/regenerate', methods=['POST'])
+@require_level('administrator')
+def regenerate():
+    try:
+        RADIUS_SECRET_FILE.unlink(missing_ok=True)
+    except OSError as ex:
+        flash(f'Could not delete .radius-secret: {ex}', 'error')
+        return redirect(f'/{_PAGE}')
+    flash(queued_msg('core apply', action_label='Secret deleted - new secret will be generated on next apply'), 'success')
+    return redirect(f'/{_PAGE}')
diff --git a/docker/routlin-dash/app/pages/radius/content.json b/docker/routlin-dash/app/pages/radius/content.json
index 5361127..6bcc46d 100644
--- a/docker/routlin-dash/app/pages/radius/content.json
+++ b/docker/routlin-dash/app/pages/radius/content.json
@@ -30,6 +30,17 @@
         {
           "type": "p",
           "text": "Use this router's IP address on the AP's VLAN as the RADIUS server address. Authentication port: 1812. Accounting port: 1813."
+        },
+        {
+          "type": "button_row",
+          "items": [
+            {
+              "type": "button_danger",
+              "action": "/action/radius/regenerate",
+              "method": "post",
+              "text": "Regenerate"
+            }
+          ]
         }
       ]
     }