diff --git a/src/MatrixClientPeg.ts b/src/MatrixClientPeg.ts
index 2d8c2dd398..bb4be663b6 100644
--- a/src/MatrixClientPeg.ts
+++ b/src/MatrixClientPeg.ts
@@ -34,6 +34,7 @@ import * as StorageManager from './utils/StorageManager';
 import IdentityAuthClient from './IdentityAuthClient';
 import { crossSigningCallbacks, tryToUnlockSecretStorageWithDehydrationKey } from './SecurityManager';
 import {SHOW_QR_CODE_METHOD} from "matrix-js-sdk/src/crypto/verification/QRCode";
+import SecurityCustomisations from "./customisations/Security";
 
 export interface IMatrixClientCreds {
     homeserverUrl: string;
@@ -291,7 +292,10 @@ class _MatrixClientPeg implements IMatrixClientPeg {
         // These are always installed regardless of the labs flag so that
         // cross-signing features can toggle on without reloading and also be
         // accessed immediately after login.
-        Object.assign(opts.cryptoCallbacks, crossSigningCallbacks);
+        const customisedCallbacks = {
+            getDehydrationKey: SecurityCustomisations.getDehydrationKey,
+        };
+        Object.assign(opts.cryptoCallbacks, crossSigningCallbacks, customisedCallbacks);
 
         this.matrixClient = createMatrixClient(opts);
 
diff --git a/src/customisations/Security.ts b/src/customisations/Security.ts
index 8fb0978375..eb7c27dcc5 100644
--- a/src/customisations/Security.ts
+++ b/src/customisations/Security.ts
@@ -16,6 +16,7 @@ limitations under the License.
 
 import { IMatrixClientCreds } from "../MatrixClientPeg";
 import { Kind as SetupEncryptionKind } from "../toasts/SetupEncryptionToast";
+import { ISecretStorageKeyInfo } from 'matrix-js-sdk/src/matrix';
 
 /* eslint-disable-next-line @typescript-eslint/no-unused-vars */
 function examineLoginResponse(
@@ -44,6 +45,13 @@ function getSecretStorageKey(): Uint8Array {
     return null;
 }
 
+/* eslint-disable-next-line @typescript-eslint/no-unused-vars */
+function getDehydrationKey(
+    keyInfo: ISecretStorageKeyInfo,
+): Promise<Uint8Array> {
+    return Promise.resolve(null);
+}
+
 /* eslint-disable-next-line @typescript-eslint/no-unused-vars */
 function catchAccessSecretStorageError(e: Error): void {
     // E.g. notify the user in some way
@@ -74,6 +82,9 @@ export interface ISecurityCustomisations {
     setupEncryptionNeeded?: (
         kind: SetupEncryptionKind,
     ) => boolean,
+    getDehydrationKey?: (
+        keyInfo: ISecretStorageKeyInfo,
+    ) => Promise<Uint8Array>,
 }
 
 // A real customisation module will define and export one or more of the