From 6a242356a0c84a67d27620fb640e5e34c94a7283 Mon Sep 17 00:00:00 2001
From: Matthias <xmatthias@outlook.com>
Date: Tue, 10 Feb 2026 20:20:29 +0100
Subject: [PATCH] docs: update docs about jwt_secret_key

---
 docs/includes/cors.md | 4 ++--
 docs/rest-api.md      | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/docs/includes/cors.md b/docs/includes/cors.md
index f79017747..337106676 100644
--- a/docs/includes/cors.md
+++ b/docs/includes/cors.md
@@ -15,7 +15,7 @@ Assuming your application is deployed as `https://frequi.freqtrade.io/home/` - t
 ```jsonc
 {
     //...
-    "jwt_secret_key": "somethingrandom",
+    "jwt_secret_key": "somethingRandomSomethingRandom123",
     "CORS_origins": ["https://frequi.freqtrade.io"],
     //...
 }
@@ -29,7 +29,7 @@ The correct configuration for this case is `http://localhost:8080` - the main pa
 ```jsonc
 {
     //...
-    "jwt_secret_key": "somethingrandom",
+    "jwt_secret_key": "somethingRandomSomethingRandom123",
     "CORS_origins": ["http://localhost:8080"],
     //...
 }
diff --git a/docs/rest-api.md b/docs/rest-api.md
index f41a2ebe4..0ace2e7b4 100644
--- a/docs/rest-api.md
+++ b/docs/rest-api.md
@@ -17,7 +17,7 @@ Sample configuration:
         "listen_port": 8080,
         "verbosity": "error",
         "enable_openapi": false,
-        "jwt_secret_key": "somethingrandom",
+        "jwt_secret_key": "somethingRandomSomethingRandom123",
         "CORS_origins": [],
         "username": "Freqtrader",
         "password": "SuperSecret1!",
@@ -56,7 +56,7 @@ secrets.token_hex()
 
 !!! Danger "Password selection"
     Please make sure to select a very strong, unique password to protect your bot from unauthorized access.
-    Also change `jwt_secret_key` to something random (no need to remember this, but it'll be used to encrypt your session, so it better be something unique!).
+    Also change `jwt_secret_key` to something random (no need to remember this, but it'll be used to encrypt your session, so it better be something unique!). This value should also be 32 characters or longer to be safe.
 
 ### Configuration with docker
 
@@ -245,7 +245,7 @@ You would then add that token under `ws_token` in your `api_server` config. Like
     "listen_port": 8080,
     "verbosity": "error",
     "enable_openapi": false,
-    "jwt_secret_key": "somethingrandom",
+    "jwt_secret_key": "somethingRandomSomethingRandom123",
     "CORS_origins": [],
     "username": "Freqtrader",
     "password": "SuperSecret1!",