diff --git a/plugins/commando.c b/plugins/commando.c
index 4eed51d56..1521b3baf 100644
--- a/plugins/commando.c
+++ b/plugins/commando.c
@@ -1,6 +1,7 @@
 #include "config.h"
 #include <ccan/array_size/array_size.h>
 #include <ccan/json_out/json_out.h>
+#include <ccan/rune/rune.h>
 #include <ccan/tal/str/str.h>
 #include <common/json_param.h>
 #include <common/json_stream.h>
@@ -36,6 +37,8 @@ struct commando {
 static struct plugin *plugin;
 static struct commando **outgoing_commands;
 static struct commando **incoming_commands;
+static u64 *rune_counter;
+static struct rune *master_rune;
 
 /* NULL peer: don't care about peer.  NULL id: don't care about id */
 static struct commando *find_commando(struct commando **arr,
@@ -260,6 +263,8 @@ static void handle_incmd(struct node_id *peer,
 {
 	struct commando *incmd;
 
+	/* FIXME: don't do *anything* unless they've set up a rune. */
+
 	incmd = find_commando(incoming_commands, peer, NULL);
 	/* Don't let them buffer multiple commands: discard old. */
 	if (incmd && incmd->id != idnum)
@@ -520,18 +525,50 @@ static void memleak_mark_globals(struct plugin *p, struct htable *memtable)
 {
 	memleak_remove_region(memtable, outgoing_commands, tal_bytelen(outgoing_commands));
 	memleak_remove_region(memtable, incoming_commands, tal_bytelen(incoming_commands));
+	if (rune_counter)
+		memleak_remove_region(memtable, rune_counter, sizeof(*rune_counter));
 }
 #endif
 
 static const char *init(struct plugin *p,
 			const char *buf UNUSED, const jsmntok_t *config UNUSED)
 {
+	struct secret rune_secret;
+
 	outgoing_commands = tal_arr(p, struct commando *, 0);
 	incoming_commands = tal_arr(p, struct commando *, 0);
 	plugin = p;
 #if DEVELOPER
 	plugin_set_memleak_handler(p, memleak_mark_globals);
 #endif
+
+	rune_counter = tal(p, u64);
+	if (!rpc_scan_datastore_str(plugin, "commando/rune_counter",
+				    JSON_SCAN(json_to_u64, rune_counter)))
+		rune_counter = tal_free(rune_counter);
+
+	/* Old python commando used to store secret */
+	if (!rpc_scan_datastore_hex(plugin, "commando/secret",
+				    JSON_SCAN(json_to_secret, &rune_secret))) {
+		rpc_scan(plugin, "makesecret",
+			 /* $ i commando
+			  * 99 0x63 0143 0b1100011 'c'
+			  * 111 0x6F 0157 0b1101111 'o'
+			  * 109 0x6D 0155 0b1101101 'm'
+			  * 109 0x6D 0155 0b1101101 'm'
+			  * 97 0x61 0141 0b1100001 'a'
+			  * 110 0x6E 0156 0b1101110 'n'
+			  * 100 0x64 0144 0b1100100 'd'
+			  * 111 0x6F 0157 0b1101111 'o'
+			  */
+			 take(json_out_obj(NULL, "hex", "636F6D6D616E646F")),
+			 "{secret:%}",
+			 JSON_SCAN(json_to_secret, &rune_secret));
+	}
+
+	master_rune = rune_new(plugin, rune_secret.data, ARRAY_SIZE(rune_secret.data),
+			       NULL);
+
 	return NULL;
 }