Skip to main content

JWT signing key rotation


JWT signing key rotation implies that the secret key for signing the access tokens will be changed at a fixed time interval. This reduces the risk of key theft.

  • Existing logged in users are not logged out on key change.
  • This feature is enabled by default.

Changing this setting#

The JWT signing key rotation feature can be switched on / off and its interval can be set through the following configurations

docker run \  -p 3567:3567 \  -e ACCESS_TOKEN_SIGNING_KEY_DYNAMIC=true \  -e ACCESS_TOKEN_SIGNING_KEY_UPDATE_INTERVAL=168 \  -d supertokens/supertokens-<db name>
  • access_token_signing_key_dynamic
    • If this is set to true, the access token signing key will change every fixed interval of time.
    • It must be set to a boolean value with, the default value set to true.
  • access_token_signing_key_update_interval
    • Time in hours for how frequently the signing key will change.
    • It must be set to a number value with, the default value set to 168

For managed service, these values can be updated by visiting our dashboard.