[GH-ISSUE #5748] [bug]: Problem with JwtStrategy secret or key #2244

New issue

Closed

opened 2026-03-16 23:42:26 +03:00 by kerem · 1 comment

kerem commented

2026-03-16 23:42:26 +03:00

Owner

Originally created by @micongiu on GitHub (Jan 5, 2026).
Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/5748

Originally assigned to: @mirarifhasan on GitHub.

Is there an existing issue for this?

I have searched existing issues and this bug hasn't been reported yet

Platform

Desktop App

Browser

Edge

Operating System

Linux

Bug Description

The problem

When trying to upgrade Hoppscotch AIO to any version after 2025.11.0, the backend fails to start with the following error:

TypeError: JwtStrategy requires a secret or key

If I stay on 2025.11.0, everything works correctly with the same configuration.

What I have tried

Removed quotes around JWT-related environment variables.
Generated and used a longer JWT_SECRET value.
Performed a clean installation:
- Stopped the containers.
- Removed the PostgreSQL volume.
- Re-created the containers from scratch with the same configuration.

The error persists on every version after 2025.11.0.

Docker Compose configuration

services:
  hoppscotch-aio:
    container_name: hoppscotch-aio
    restart: always
    image: hoppscotch/hoppscotch:2025.11.0
    env_file:
      - ./.env
    environment:
      - DATABASE_URL=postgresql://postgres:2v@41^0AMX148Szv@hoppscotch-db:5432/hoppscotch?connect_timeout=300
    depends_on:
      hoppscotch-db:
        condition: service_healthy
    command: >
      sh -c "pnpx prisma migrate deploy && node /usr/src/app/aio_run.mjs"
    networks:
      - nginx_proxy-net

  hoppscotch-db:
    image: postgres:15
    container_name: hoppscotch-db
    restart: always
    user: postgres
    environment:
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: 2v@41^0AMX148Szv
      POSTGRES_DB: hoppscotch
    healthcheck:
      test:
        [
          "CMD-SHELL",
          "sh -c 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'"
        ]
      interval: 5s
      timeout: 5s
      retries: 10
    volumes:
      - hoppscotch-db:/var/lib/postgresql/data
    networks:
      - nginx_proxy-net

volumes:
  hoppscotch-db:

networks:
  nginx_proxy-net:
    external: true

`.env` file

HOPP_AIO_ALTERNATE_PORT=5000

JWT_SECRET="c64ac40bd4a7b0f5a6b650caba06cade"
TOKEN_SALT_COMPLEXITY=10
MAGIC_LINK_TOKEN_VALIDITY=3

REFRESH_TOKEN_VALIDITY="604500000"
ACCESS_TOKEN_VALIDITY="86400000"

# Session Configuration
SESSION_SECRET='9905122227bcad34199e52daccd05893'
ALLOW_SECURE_COOKIES=true

DATA_ENCRYPTION_KEY="89bfbf5e916bf7a3a7d30e21dbb3060f"

# ----------------------- Hoppscotch App Config -----------------------#

# Application URLs and Whitelisted Origins
HOPPSCOTCH_HOST=https://hoppscotch.example.com
REDIRECT_URL="http://$HOPPSCOTCH_HOST"
WHITELISTED_ORIGINS="https://hoppscotch.example.com,https://hoppscotch.example.com:3170,https://hoppscotch.example.com:3000,https://hoppscotch.example.com:3100,https://hoppscotch.example.com:3200,http://hoppscotch.example.com:3170,http://hoppscotch.example.com:3000,http://hoppscotch.example.com:3100,http://hoppscotch.example.com:3200,http://localhost:3170,http://localhost:3000,http://localhost:3100,http://localhost:3200,app://hoppscotch,app://hoppscotch_example_com,app://hoppscotch_example_com_3170,app://hoppscotch_example_com_3000,app://hoppscotch_example_com_3100,app://hoppscotch_example_com_3200,app://localhostapp://localhost_3170,app://localhost_3000,app://localhost_3100,app://localhost_3200,http://app.hoppscotch_example_com"

# Allowed Authentication Providers
VITE_ALLOWED_AUTH_PROVIDERS="EMAIL"

# ---------------------- Mailer Configuration ------------------------#

MAILER_SMTP_ENABLE="true"

#MAILER_USE_CUSTOM_CONFIGS="false"
#MAILER_ADDRESS_FROM="noreply@domain.com"

# Custom SMTP Configuration (Used if MAILER_USE_CUSTOM_CONFIGS=true)
#MAILER_SMTP_HOST=""
#MAILER_SMTP_PORT="25"
#MAILER_SMTP_SECURE="false"
#MAILER_SMTP_USER=""
#MAILER_SMTP_PASSWORD=""
#MAILER_TLS_REJECT_UNAUTHORIZED="false"

# ---------------------- Rate Limit Configuration --------------------#

RATE_LIMIT_TTL=60 # Time window for rate limiting (in seconds)
RATE_LIMIT_MAX=100 # Maximum requests per IP within the TTL period

# ----------------------- Frontend Config ----------------------------#

# Base URLs
VITE_BASE_URL=https://hoppscotch.example.com
VITE_SHORTCODE_BASE_URL=https://hoppscotch.example.com
VITE_ADMIN_URL=https://hoppscotch.example.com/admin

# Backend API and WebSocket URLs
VITE_BACKEND_GQL_URL=https://hoppscotch.example.com/backend/graphql
VITE_BACKEND_WS_URL=wss://hoppscotch.example.com/backend/graphql
VITE_BACKEND_API_URL=https://hoppscotch.example.com/backend/v1

# Terms of Service and Privacy Policy Links
VITE_APP_TOS_LINK=http://docs.hoppscotch.io/support/terms
VITE_APP_PRIVACY_POLICY_LINK=http://docs.hoppscotch.io/support/privacy

# Enable subpath-based access (Set to `true` for subpath-based deployments)
ENABLE_SUBPATH_BASED_ACCESS=true

Additional information

Deployment type: Docker Compose, AIO image.
Database: PostgreSQL 15 container.
The attached fail.log (see link in this issue) contains the full stack trace of the error during startup.
fail.log

Deployment Type

Self-hosted (on-prem deployment)

Version

any-version after 2025.11.0

Originally created by @micongiu on GitHub (Jan 5, 2026). Original GitHub issue: https://github.com/hoppscotch/hoppscotch/issues/5748 Originally assigned to: @mirarifhasan on GitHub. ### Is there an existing issue for this? - [x] I have searched existing issues and this bug hasn't been reported yet ### Platform Desktop App ### Browser Edge ### Operating System Linux ### Bug Description ## The problem When trying to upgrade Hoppscotch AIO to any version after `2025.11.0`, the backend fails to start with the following error: > `TypeError: JwtStrategy requires a secret or key` If I stay on `2025.11.0`, everything works correctly with the same configuration. *** ## What I have tried - Removed quotes around JWT-related environment variables. - Generated and used a longer `JWT_SECRET` value. - Performed a clean installation: - Stopped the containers. - Removed the PostgreSQL volume. - Re-created the containers from scratch with the same configuration. The error persists on every version after `2025.11.0`. *** ## Docker Compose configuration ```yaml services: hoppscotch-aio: container_name: hoppscotch-aio restart: always image: hoppscotch/hoppscotch:2025.11.0 env_file: - ./.env environment: - DATABASE_URL=postgresql://postgres:2v@41^0AMX148Szv@hoppscotch-db:5432/hoppscotch?connect_timeout=300 depends_on: hoppscotch-db: condition: service_healthy command: > sh -c "pnpx prisma migrate deploy && node /usr/src/app/aio_run.mjs" networks: - nginx_proxy-net hoppscotch-db: image: postgres:15 container_name: hoppscotch-db restart: always user: postgres environment: POSTGRES_USER: postgres POSTGRES_PASSWORD: 2v@41^0AMX148Szv POSTGRES_DB: hoppscotch healthcheck: test: [ "CMD-SHELL", "sh -c 'pg_isready -U $${POSTGRES_USER} -d $${POSTGRES_DB}'" ] interval: 5s timeout: 5s retries: 10 volumes: - hoppscotch-db:/var/lib/postgresql/data networks: - nginx_proxy-net volumes: hoppscotch-db: networks: nginx_proxy-net: external: true ``` *** ## `.env` file ```env HOPP_AIO_ALTERNATE_PORT=5000 JWT_SECRET="c64ac40bd4a7b0f5a6b650caba06cade" TOKEN_SALT_COMPLEXITY=10 MAGIC_LINK_TOKEN_VALIDITY=3 REFRESH_TOKEN_VALIDITY="604500000" ACCESS_TOKEN_VALIDITY="86400000" # Session Configuration SESSION_SECRET='9905122227bcad34199e52daccd05893' ALLOW_SECURE_COOKIES=true DATA_ENCRYPTION_KEY="89bfbf5e916bf7a3a7d30e21dbb3060f" # ----------------------- Hoppscotch App Config -----------------------# # Application URLs and Whitelisted Origins HOPPSCOTCH_HOST=https://hoppscotch.example.com REDIRECT_URL="http://$HOPPSCOTCH_HOST" WHITELISTED_ORIGINS="https://hoppscotch.example.com,https://hoppscotch.example.com:3170,https://hoppscotch.example.com:3000,https://hoppscotch.example.com:3100,https://hoppscotch.example.com:3200,http://hoppscotch.example.com:3170,http://hoppscotch.example.com:3000,http://hoppscotch.example.com:3100,http://hoppscotch.example.com:3200,http://localhost:3170,http://localhost:3000,http://localhost:3100,http://localhost:3200,app://hoppscotch,app://hoppscotch_example_com,app://hoppscotch_example_com_3170,app://hoppscotch_example_com_3000,app://hoppscotch_example_com_3100,app://hoppscotch_example_com_3200,app://localhostapp://localhost_3170,app://localhost_3000,app://localhost_3100,app://localhost_3200,http://app.hoppscotch_example_com" # Allowed Authentication Providers VITE_ALLOWED_AUTH_PROVIDERS="EMAIL" # ---------------------- Mailer Configuration ------------------------# MAILER_SMTP_ENABLE="true" #MAILER_USE_CUSTOM_CONFIGS="false" #MAILER_ADDRESS_FROM="noreply@domain.com" # Custom SMTP Configuration (Used if MAILER_USE_CUSTOM_CONFIGS=true) #MAILER_SMTP_HOST="" #MAILER_SMTP_PORT="25" #MAILER_SMTP_SECURE="false" #MAILER_SMTP_USER="" #MAILER_SMTP_PASSWORD="" #MAILER_TLS_REJECT_UNAUTHORIZED="false" # ---------------------- Rate Limit Configuration --------------------# RATE_LIMIT_TTL=60 # Time window for rate limiting (in seconds) RATE_LIMIT_MAX=100 # Maximum requests per IP within the TTL period # ----------------------- Frontend Config ----------------------------# # Base URLs VITE_BASE_URL=https://hoppscotch.example.com VITE_SHORTCODE_BASE_URL=https://hoppscotch.example.com VITE_ADMIN_URL=https://hoppscotch.example.com/admin # Backend API and WebSocket URLs VITE_BACKEND_GQL_URL=https://hoppscotch.example.com/backend/graphql VITE_BACKEND_WS_URL=wss://hoppscotch.example.com/backend/graphql VITE_BACKEND_API_URL=https://hoppscotch.example.com/backend/v1 # Terms of Service and Privacy Policy Links VITE_APP_TOS_LINK=http://docs.hoppscotch.io/support/terms VITE_APP_PRIVACY_POLICY_LINK=http://docs.hoppscotch.io/support/privacy # Enable subpath-based access (Set to `true` for subpath-based deployments) ENABLE_SUBPATH_BASED_ACCESS=true ``` *** ## Additional information - Deployment type: Docker Compose, AIO image. - Database: PostgreSQL 15 container. - The attached `fail.log` (see link in this issue) contains the full stack trace of the error during startup. [fail.log](https://github.com/user-attachments/files/24430613/fail.log) ### Deployment Type Self-hosted (on-prem deployment) ### Version any-version after 2025.11.0

kerem

2026-03-16 23:42:26 +03:00

closed this issue
added the
bug

need testing
labels

kerem commented

2026-03-16 23:42:42 +03:00

Author

Owner

@mirarifhasan commented on GitHub (Jan 16, 2026):

@micongiu Thanks for the detailed information and for taking the time to investigate this.

The core issue here appears to be the database connection error. Once the Error: Connection terminated due to connection timeout is resolved, the JWT-related error should clear up automatically.

You might try increasing the connect_timeout in the database connection URL to see if the issue persists.

Additionally, we’ve recently simplified the required .env configuration, so you no longer need to maintain as many environment variables during setup. The updated list is available here:
https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment

@mirarifhasan commented on GitHub (Jan 16, 2026): @micongiu Thanks for the detailed information and for taking the time to investigate this. The core issue here appears to be the database connection error. Once the `Error: Connection terminated due to connection timeout` is resolved, the JWT-related error should clear up automatically. You might try increasing the `connect_timeout` in the database connection URL to see if the issue persists. Additionally, we’ve recently simplified the required `.env` configuration, so you no longer need to maintain as many environment variables during setup. The updated list is available here: https://docs.hoppscotch.io/documentation/self-host/community-edition/install-and-build#configuring-the-environment

kerem referenced this issue

2026-03-17 01:16:51 +03:00

[PR #2244] [CLOSED] refactor: migrate from options api to script setup with ts #3688