#Missing env JWT_PRIVATE_KEY

12 messages · Page 1 of 1 (latest)

solemn heath
#

Sep 18, 19:35:49.638
failure

19ms
M

auth:store
Uncaught Error: Missing environment variable JWT_PRIVATE_KEY
at requireEnv (../../node_modules/@convex-dev/auth/src/server/utils.ts:5:9)
at generateToken (../../node_modules/@convex-dev/auth/src/server/implementation/tokens.ts:19:19)
at generateTokensForSession (../../node_modules/@convex-dev/auth/src/server/implementation/sessions.ts:77:18)
at async maybeGenerateTokensForSession (../../node_modules/@convex-dev/auth/src/server/implementation/sessions.ts:32:10)
at async signInImpl (../../node_modules/@convex-dev/auth/src/server/implementation/mutations/signIn.ts:34:0)

leaden mountainBOT
#

Hi @solemn heath. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:

#

The error message Missing environment variable JWT_PRIVATE_KEY indicates that your Convex deployment is missing the required JWT_PRIVATE_KEY environment variable. This variable is essential for Convex Auth to function, as it is used to sign and verify JWTs for authentication.

How to fix:

  1. Generate the Key:
    If you haven't already, generate a new private key and its corresponding public key using the following script (save as generateKeys.mjs and run with Node):

    import { exportJWK, exportPKCS8, generateKeyPair } from "jose";

const keys = await generateKeyPair("RS256", { extractable: true });
const privateKey = await exportPKCS8(keys.privateKey);
const publicKey = await exportJWK(keys.publicKey);
const jwks = JSON.stringify({ keys: [{ use: "sig", ...publicKey }] });

process.stdout.write(
  `JWT_PRIVATE_KEY="${privateKey.trimEnd().replace(/\n/g, " ")}"`,
);
process.stdout.write("\n");
process.stdout.write(`JWKS=${jwks}`);
process.stdout.write("\n");

    Manual setup guide

  2. Set the Environment Variable in Convex:
    Copy the output for JWT_PRIVATE_KEY and add it to your Convex deployment's environment variables via the Convex dashboard or using the CLI:

    npx convex env set JWT_PRIVATE_KEY "your-private-key-here"

    If this is for production, use the --prod flag:

    npx convex env set JWT_PRIVATE_KEY "your-private-key-here" --prod

    Make sure you also set the JWKS variable with the public key output.

  3. Verify the Variable is Set:
    You can check if the variable is set correctly by running:

# 
   npx convex env get JWT_PRIVATE_KEY
   npx convex env get JWT_PRIVATE_KEY --prod

See related troubleshooting

Note:

  • This environment variable must be set in your Convex deployment, not just in your frontend or Vercel environment variables.
  • If you have different environments (dev and prod), make sure to set the variable in both if needed.

If you follow these steps, the error should be resolved. If you continue to see the error, double-check for typos or formatting issues in the key, and ensure you are setting it in the correct deployment environment.

For more details, see the Convex Auth manual setup guide and Convex environment variables documentation.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

#

@solemn heath Kapa.ai is still learning and improving, please let me know how I did by reacting below.

solemn heath
#

@leaden mountain doesn't convex automatically set up a JWT_PRIVATE_KEY for me when I create a new project?

i Step 1: Configure SITE_URL
i React Native projects don't require a SITE_URL.

i Step 2: Configure private and public key
? The deployment local-pathbound-pathbound already has JWT_PRIVATE_KEY or JWKS configured.
Overwrite them? Yes
✔ Successfully set JWT_PRIVATE_KEY (on deployment local-pathbound-pathbound)
✔ Successfully set JWKS (on deployment local-pathbound-pathbound)

i Step 3: Modify tsconfig file
✔ The convex/tsconfig.json is already set up.

i Step 4: Configure auth config file
✔ The convex/auth.config.ts is already set up.

i Step 5: Initialize auth file
✔ The convex/auth.ts is already set up.

i Step 6: Configure http file
✔ The convex/http.ts is already set up.
✔ You're all set. Continue by configuring your schema and frontend.

leaden mountainBOT
#

Let me check the knowledge base for you again. One moment! :books:

#

Convex does not automatically set up a JWT_PRIVATE_KEY for you when you create a new project. You are required to generate and set this environment variable yourself as part of the Convex Auth setup process.

When you run the Convex Auth setup script (e.g., npx @convex-dev/auth), it will prompt you to generate and set the JWT_PRIVATE_KEY and JWKS environment variables. If these variables already exist, the script will ask if you want to overwrite them, as shown in your output. This means the setup script helps you generate and configure the keys, but Convex does not provide or auto-generate them by default when you create a new project—you must go through the setup process to ensure they are present and correctly configured.

This is confirmed in the manual setup instructions, which explicitly require you to generate and set these keys yourself, either via the setup script or by following the manual steps to generate and add them to your deployment’s environment variables Manual Setup Guide.

If you skip this step or the keys are missing, you will encounter errors related to missing JWT_PRIVATE_KEY during authentication attempts Discord: Convex Auth Setup.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:

#

@solemn heath Kapa.ai is still learning and improving, please let me know how I did by reacting below.

solemn heath
#

@leaden mountain it says they are already setup, so where do I find them?

i Step 2: Configure private and public key
? The deployment local-pathbound-pathbound already has JWT_PRIVATE_KEY or JWKS configured.
Overwrite them? Yes
✔ Successfully set JWT_PRIVATE_KEY (on deployment local-pathbound-pathbound)
✔ Successfully set JWKS (on deployment local-pathbound-pathbound)

leaden mountainBOT
#

Let me check the knowledge base for you again. One moment! :books:

#

If the setup script says that JWT_PRIVATE_KEY and JWKS are already configured for your deployment, you can view their values in the Convex dashboard for your deployment:

  1. Go to the Convex Dashboard:
    Open [https://dashboard.convex.dev/deployment/settings/environment-variables](https://dashboard.convex.dev/deployment/settings/environment-variables).

  2. Select Your Deployment:
    Make sure you are viewing the correct deployment (e.g., your development or production environment).

  3. View Environment Variables:
    On the environment variables page, you will see a list of all environment variables set for that deployment, including JWT_PRIVATE_KEY and JWKS if they are present. You can view, copy, or update them here Dashboard > Deployments > Settings.

Alternatively, you can use the Convex CLI to print the value:

npx convex env get JWT_PRIVATE_KEY
npx convex env get JWKS

Add --prod if you want to check the production deployment:

npx convex env get JWT_PRIVATE_KEY --prod

This will allow you to confirm that the variables are set and see their current values Discord: ConvexAuth Env Variable related Error in Production.

If you do not see them in the dashboard or via the CLI, they may not be set for the deployment you are viewing.

Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: