diff --git a/web/setup.py b/web/setup.py
index c3d3b36..80b11fe 100755
--- a/web/setup.py
+++ b/web/setup.py
@@ -350,17 +350,20 @@ CREATE TABLE keys (
     PRIMARY KEY (name))
                 """)
 
-            sql = "INSERT INTO keys (name, value) VALUES ('CSRF_SESSION_KEY', '%s')" % base64.urlsafe_b64encode(os.urandom(32))
+            sql = "INSERT INTO keys (name, value) VALUES ('CSRF_SESSION_KEY', '%s')" \
+                  % base64.urlsafe_b64encode(os.urandom(32)).decode()
             db.engine.execute(sql)
 
-            sql = "INSERT INTO keys (name, value) VALUES ('SECRET_KEY', '%s')" % base64.urlsafe_b64encode(os.urandom(32))
+            sql = "INSERT INTO keys (name, value) VALUES ('SECRET_KEY', '%s')" % \
+                  base64.urlsafe_b64encode(os.urandom(32)).decode()
             db.engine.execute(sql)
 
             # If SECURITY_PASSWORD_SALT is not in the config, but we're upgrading, then it must (unless the
             # user edited the main config - which they shouldn't have done) have been at it's default
             # value, so we'll use that. Otherwise, use whatever we can find in the config.
             if hasattr(config, 'SECURITY_PASSWORD_SALT'):
-                sql = "INSERT INTO keys (name, value) VALUES ('SECURITY_PASSWORD_SALT', '%s')" % config.SECURITY_PASSWORD_SALT
+                sql = "INSERT INTO keys (name, value) VALUES ('SECURITY_PASSWORD_SALT', '%s')" \
+                      % config.SECURITY_PASSWORD_SALT
             else:
                 sql = "INSERT INTO keys (name, value) VALUES ('SECURITY_PASSWORD_SALT', 'SuperSecret3')"
             db.engine.execute(sql)