diff --git a/bds/apps.py b/bds/apps.py
index 6a44ae3d..86d97b09 100644
--- a/bds/apps.py
+++ b/bds/apps.py
@@ -11,7 +11,11 @@ class BDSConfig(AppConfig):
 
 def setup_bds_perms(sender, apps, **kwargs):
     from bds.models import get_bds_assoc
-    setup_assoc_perms(apps, get_bds_assoc, buro_of_apps=['gestion', 'bds'])
+    setup_assoc_perms(
+        apps, get_bds_assoc,
+        buro_of_apps=['gestion', 'bds'],
+        perms=["custommail.add_custommail", "custommail.change_custommail"]
+    )
 
 # Setup permissions of defaults groups of BDS association after Permission
 # instances have been created, i.e. after applying migrations.
diff --git a/cof/apps.py b/cof/apps.py
index 976bcf79..98cffdd9 100644
--- a/cof/apps.py
+++ b/cof/apps.py
@@ -11,7 +11,11 @@ class COFConfig(AppConfig):
 
 def setup_cof_perms(sender, apps, **kwargs):
     from cof.models import get_cof_assoc
-    setup_assoc_perms(apps, get_cof_assoc, buro_of_apps=['gestion', 'cof'])
+    setup_assoc_perms(
+        apps, get_cof_assoc,
+        buro_of_apps=['gestion', 'cof'],
+        perms=["custommail.add_custommail", "custommail.change_custommail"]
+    )
 
 # Setup permissions of defaults groups of BDS association after Permission
 # instances have been created, i.e. after applying migrations.
diff --git a/cof/settings/secret.py b/cof/settings/secret.py
new file mode 120000
index 00000000..f1c3d3f7
--- /dev/null
+++ b/cof/settings/secret.py
@@ -0,0 +1 @@
+secret_example.py
\ No newline at end of file
diff --git a/gestion/apps.py b/gestion/apps.py
index bc5967b0..c27b7265 100644
--- a/gestion/apps.py
+++ b/gestion/apps.py
@@ -6,7 +6,7 @@ class GestionConfig(AppConfig):
     verbose_name = "Gestion des outils communs COF/BDS"
 
 
-def setup_assoc_perms(apps, assoc_getter, buro_of_apps=[], **kwargs):
+def setup_assoc_perms(apps, assoc_getter, buro_of_apps=[], perms=[]):
     try:
         # Association and Permission models are required to be ready to setup
         # perms.
@@ -14,4 +14,4 @@ def setup_assoc_perms(apps, assoc_getter, buro_of_apps=[], **kwargs):
         apps.get_app_config('auth')
     except LookupError:
         return
-    assoc_getter().setup_perms(buro_of_apps=buro_of_apps)
+    assoc_getter().setup_perms(buro_of_apps=buro_of_apps, perms=perms)
diff --git a/gestion/models.py b/gestion/models.py
index 893c21c2..dc6101ba 100644
--- a/gestion/models.py
+++ b/gestion/models.py
@@ -105,7 +105,7 @@ class Association(models.Model):
     def __str__(self):
         return self.name
 
-    def setup_perms(self, buro_of_apps=[]):
+    def setup_perms(self, buro_of_apps=[], perms=[]):
         """
         Setup permissions of the staff and members groups.
 
@@ -118,6 +118,7 @@ class Association(models.Model):
 
         Arguments
             buro_of_apps (list of 'app_label', optional)
+            perms (list of permission codes, optional)
 
         Should be used in receiver of 'post_migrate' signal, after permissions
         creation.
@@ -134,10 +135,10 @@ class Association(models.Model):
             else:
                 group.permissions.add(perm)
 
-        app_label = self.name.lower()
+        assoc_app_label = self.name.lower()
 
         # Buro group has perm '<assoc>.buro'.
-        try_add_perm(self.staff_group, app_label, 'buro')
+        try_add_perm(self.staff_group, assoc_app_label, 'buro')
 
         # Add all permissions of applications given 'buro_of_apps'.
         apps_perms = Permission.objects.filter(
@@ -145,8 +146,13 @@ class Association(models.Model):
         )
         self.staff_group.permissions.add(*apps_perms)
 
+        # Add extra permissions from 'perms'
+        for perm in perms:
+            app_label, codename = perm.split('.', maxsplit=1)
+            try_add_perm(self.staff_group, app_label, codename)
+
         # Members have perm '<assoc>.member'.
-        try_add_perm(self.members_group, app_label, 'member')
+        try_add_perm(self.members_group, assoc_app_label, 'member')
 
 
 # ---
diff --git a/gestion/tests.py b/gestion/tests.py
index 755b4f3b..8cba796e 100644
--- a/gestion/tests.py
+++ b/gestion/tests.py
@@ -127,8 +127,9 @@ class AuthTest(TestCase):
 class AssociationTests(TestCase):
 
     def setUp(self):
-        self.gestion_p = Permission.objects.filter(
-            content_type__app_label='gestion',
+        self.custommail_p = Permission.objects.filter(
+            content_type__app_label="custommail",
+            codename__in=["add_custommail", "change_custommail"]
         )
 
     def assertAllAppPerms(self, group, app_label):
@@ -153,6 +154,10 @@ class AssociationTests(TestCase):
         self.assertAllAppPerms(cof_assoc.staff_group, 'cof')
         self.assertAllAppPerms(cof_assoc.staff_group, 'gestion')
 
+        # + some permissions in custommail
+        for p in self.custommail_p:
+            self.assertIn(p, cof_assoc.staff_group.permissions.all())
+
         # Check cof members group has 'cof.member' permission.
         member_perm = Permission.objects.get(
             content_type__app_label='cof',
@@ -174,6 +179,10 @@ class AssociationTests(TestCase):
         self.assertAllAppPerms(bds_assoc.staff_group, 'bds')
         self.assertAllAppPerms(bds_assoc.staff_group, 'gestion')
 
+        # + some permissions in custommail
+        for p in self.custommail_p:
+            self.assertIn(p, bds_assoc.staff_group.permissions.all())
+
         # Check cof members group has 'bds.member' permission.
         member_perm = Permission.objects.get(
             content_type__app_label='bds',