JWT Secret Configuration Guide

SigNoz uses a JWT secret key to sign and verify all user session tokens. It is critical to set this secret to ensure the security of your SigNoz instance.

⚠️ Warning: JWT Secret Not Set

If you do not set the JWT secret, SigNoz still starts; it only logs a warning:

No JWT secret key is specified

Running without a secret leaves your instance exposed: anyone can forge valid tokens by signing them with an empty string.

How to Set the JWT Secret

  1. Choose a Strong Secret:
    Use a long, random string. Avoid using simple or guessable values.

  2. Set the Environment Variable:
    Add the following to your environment configuration:

    SIGNOZ_JWT_SECRET=your-very-strong-random-secret
    
  3. Restart SigNoz:
    After setting the variable, restart your SigNoz services to apply the change.

Best Practices

  • Never share your JWT secret publicly.
  • Rotate the secret periodically and update your environment configuration accordingly.
  • Monitor logs for any warnings about missing or invalid JWT secrets.
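
A preflight check for the setup steps and the log-monitoring advice above, as an added example that is not part of the SigNoz documentation or code base. The 32-character minimum, the distinct-character threshold and the sample log line format are assumptions; only the variable name, the placeholder value and the warning text come from this guide.

```shell
# Added example: preflight checks for SIGNOZ_JWT_SECRET (not SigNoz's own code).
MIN_LEN=32  # assumed minimum length, not a SigNoz requirement
PLACEHOLDER='your-very-strong-random-secret'  # sample value shown in this guide
WARNING='No JWT secret key is specified'      # warning text quoted in this guide

# Print a fresh secret: 32 bytes from the kernel CSPRNG, hex-encoded (64 chars).
generate_secret() {
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
    echo
}

# Return 0 if the candidate is usable; otherwise print the reason and return 1.
check_secret() {
    secret=$1
    if [ -z "$secret" ]; then
        echo "SIGNOZ_JWT_SECRET is empty or unset"; return 1
    fi
    if [ "$secret" = "$PLACEHOLDER" ]; then
        echo "SIGNOZ_JWT_SECRET is still the documentation placeholder"; return 1
    fi
    if [ "${#secret}" -lt "$MIN_LEN" ]; then
        echo "SIGNOZ_JWT_SECRET is shorter than $MIN_LEN characters"; return 1
    fi
    # A distinct-character count catches values like 'aaaa...' that pass the length test.
    distinct=$(printf '%s' "$secret" | fold -w1 | sort -u | wc -l | tr -d ' ')
    if [ "$distinct" -lt 8 ]; then
        echo "SIGNOZ_JWT_SECRET has too few distinct characters"; return 1
    fi
    return 0
}

# Count occurrences of the missing-secret warning in a log stream read from stdin.
count_missing_secret_warnings() {
    grep -c -F "$WARNING" || true
}

# Constructed sample log lines; the JSON layout is illustrative, only the message is from the guide.
SAMPLE_LOG='{"level":"info","msg":"starting server"}
{"level":"warn","msg":"No JWT secret key is specified"}
{"level":"info","msg":"listening"}'

# Demo: run with --demo to check the current environment and scan the sample log.
if [ "${1:-}" = "--demo" ]; then
    check_secret "${SIGNOZ_JWT_SECRET:-}" || echo "suggested value: $(generate_secret)"
    printf '%s\n' "$SAMPLE_LOG" | count_missing_secret_warnings
fi
```

Run `check_secret` in the deployment pipeline before restarting SigNoz, and feed the service's real log stream to `count_missing_secret_warnings` in place of the sample.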
