Can't change JWT secret on self-hosted Supabase instance

[sergeykorablin]

I'm a bit confused. I changed the JWT_SECRET, ANON_KEY, SERVICE_ROLE_KEY in the .env file and restarted Supabase using Docker Compose as described in documentation:

Update API Keys: Use the JWT secret to generate new anon and service API keys. Replace the existing keys in your .env file with the new ones.
Restart Services: After updating your secrets and keys, restart all services to apply the changes. This is essential for the new configurations to take effect.

However, the old JWT tokens (both anon and user's) are still valid. Do the .env variables only get used once to initialize the database and some internal states? Is there a way to update the JWT Secret?

[heblol]

Same problem here. Starting up using supabase start, with an adjusted .env file, but it does not use the JWT_SECRET.

Looking for it now multiple days. Dont get it.

[thebrrt]

Did you ever find a fix? I've spent a whole hour on something that should've been as simple as changing the value of something in a config file

[icarus-sullivan]

I'm still in the testing phase of supabase so I have only been running things in a sparse manner with a single table. I updated my JWT_SECRET and it was not automatically picked up by the docker services. How I fixed this was by doing the following:

• I made sure I had a valid JWT_SECRET and that I generated both an ANON_KEY and SERVICE key here.

• Open the SQL Editor, for me its here. Then copy+paste the following and run it.

ALTER DATABASE postgres SET "app.settings.jwt_secret" TO "<your_secret_here>";

• Run docker compose down (WARNING: This removes your services!!!)

• Update my .env file with my new secrets

• Run docker compose up -d