JWT Secret Configuration Guide
SigNoz uses a JWT secret key to sign and verify all user session tokens. It is critical to set this secret to ensure the security of your SigNoz instance.
⚠️ Warning: JWT Secret Not Set
If you do not set the JWT secret, SigNoz will not fail to start; it will only print a warning log:
No JWT secret key is specified
Running without a secret leaves your instance exposed: anyone can forge valid tokens by signing them with an empty string.
How to Set the JWT Secret
Choose a Strong Secret:
Use a long, random string. Avoid using simple or guessable values.
Set the Environment Variable:
Add the following to your environment configuration:
SIGNOZ_JWT_SECRET=your-very-strong-random-secret
Restart SigNoz:
After setting the variable, restart your SigNoz services to apply the change.
Best Practices
- Never share your JWT secret publicly.
- Rotate the secret periodically and update your environment configuration accordingly.
- Monitor logs for any warnings about missing or invalid JWT secrets.
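One way to carry out the steps and the log-monitoring practice above, as an added shell example that is not part of the SigNoz documentation or tooling. The function names, the 32-character minimum and the log file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: helpers for choosing, validating and monitoring the JWT secret.
# Function names and thresholds are hypothetical, not SigNoz's own.

# Generate 32 random bytes from the kernel CSPRNG, hex-encoded (64 characters).
gen_jwt_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Reject a secret that is empty, is the documentation placeholder, or is short.
# The 32-character minimum is an assumption of this example, not a SigNoz rule.
check_jwt_secret() {
    secret=$1
    if [ -z "$secret" ]; then
        echo "SIGNOZ_JWT_SECRET is empty" >&2
        return 1
    fi
    if [ "$secret" = "your-very-strong-random-secret" ]; then
        echo "SIGNOZ_JWT_SECRET is still the documentation placeholder" >&2
        return 1
    fi
    if [ "${#secret}" -lt 32 ]; then
        echo "SIGNOZ_JWT_SECRET is shorter than 32 characters" >&2
        return 1
    fi
    return 0
}

# Return 0 when the given log file contains the startup warning quoted above,
# so a deployment check or cron job can alert on it.
log_has_missing_secret_warning() {
    grep -q "No JWT secret key is specified" "$1"
}

# Demo: generate a candidate and validate it without printing the value.
candidate=$(gen_jwt_secret)
check_jwt_secret "$candidate" && echo "generated a ${#candidate}-character secret"
```

Run `check_jwt_secret "$SIGNOZ_JWT_SECRET"` in the deployment pipeline before restarting SigNoz, and point `log_has_missing_secret_warning` at wherever your SigNoz logs are collected.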