SigNoz is an open-source APM. It helps developers monitor their applications & troubleshoot problems, an open-source alternative to DataDog, NewRelic, etc.

SigNoz Community

Hey folks!!

Make sure to configure the JWT secret key to sign and verify all user session tokens. Setting this secret is essential for maintaining the security of your SigNoz instance

Follow the docs: <https://signoz.io/docs/manage/administrator-guide/configuration/jwt-secret/>

<@U08GZJ30Q9X> This isn't mentioned at all in the setup guide and would be a big security risk. I would recommend either 1) Making it a prominent part of the setup guide, or 2) If SIGNOZ_JWT_SECRET is not set, set it to something random by default. A random JWT secret that logs people out each time the service boots/updates is better than a blank secret.