Self-Host - This page is relevant for self-hosted SigNoz editions.

JWT Secret Configuration Guide

SigNoz uses a JWT secret key to sign and verify all user session tokens. It is critical to set this secret to ensure the security of your SigNoz instance.

If you do not set the JWT secret, SigNoz will not fail to start; it will only print a warning log:

No JWT secret key is specified

Running without a secret leaves your instance exposed: anyone can forge valid tokens by signing them with an empty string.

How to Set the JWT Secret

  1. Choose a Strong Secret:
    Use a long, random string. Avoid using simple or guessable values.

  2. Set the Environment Variable:
    Add the following to your environment configuration:

    SIGNOZ_TOKENIZER_JWT_SECRET=your-very-strong-random-secret
    
  3. Restart SigNoz:
    After setting the variable, restart your SigNoz services to apply the change.
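
Steps 1 to 3 as a script, added here as an example and not part of the SigNoz documentation or code: it generates a 256-bit secret, rejects empty, placeholder or short values, and writes SIGNOZ_TOKENIZER_JWT_SECRET to an env file readable only by its owner. The env file path, the function names and the 32-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example: generate, validate and store the SigNoz JWT secret.
# Assumptions: the env file path is supplied by the caller; the 32-character
# minimum is a policy chosen for this example, not a SigNoz requirement.

VAR=SIGNOZ_TOKENIZER_JWT_SECRET

# Print 32 random bytes from the kernel CSPRNG as 64 hex characters.
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Return 0 only for a value that is non-empty, not the documentation
# placeholder, and at least 32 characters long.
check_secret() {
    [ -n "$1" ] || { echo "secret is empty" >&2; return 1; }
    [ "$1" != "your-very-strong-random-secret" ] ||
        { echo "secret is the documentation placeholder" >&2; return 1; }
    [ "${#1}" -ge 32 ] || { echo "secret is shorter than 32 characters" >&2; return 1; }
}

# Replace (or add) the variable in an env file without leaving a duplicate
# line, keeping the file readable by its owner only. Runs in a subshell so
# the umask change does not leak into the caller.
set_secret() (
    env_file=$1 secret=$2
    check_secret "$secret" || exit 1
    umask 077
    tmp="$env_file.tmp.$$"
    if [ -f "$env_file" ]; then
        grep -v "^$VAR=" "$env_file" > "$tmp" || true
    else
        : > "$tmp"
    fi
    printf '%s=%s\n' "$VAR" "$secret" >> "$tmp"
    mv "$tmp" "$env_file"
)

# Usage: sh set-jwt-secret.sh /path/to/signoz.env   (then restart SigNoz)
if [ "$#" -gt 0 ]; then
    set_secret "$1" "$(gen_secret)"
fi
```

Running check_secret against the value in the deployment environment before start-up catches the case where the variable was left unset or still holds the placeholder.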

Best Practices

  • Never share your JWT secret publicly.
  • Rotate the secret periodically and update your environment configuration accordingly.
  • Monitor logs for any warnings about missing or invalid JWT secrets.

Last updated: June 30, 2025
