diff --git a/src/main/kotlin/eventDemo/configuration/ktor/ConfigureAuth.kt b/src/main/kotlin/eventDemo/configuration/ktor/ConfigureAuth.kt
index fc73f96..24b889e 100644
--- a/src/main/kotlin/eventDemo/configuration/ktor/ConfigureAuth.kt
+++ b/src/main/kotlin/eventDemo/configuration/ktor/ConfigureAuth.kt
@@ -15,19 +15,18 @@ import io.ktor.server.routing.routing
 import kotlinx.serialization.json.Json
 import java.util.Date
-// TODO: read the jwt property from the config file
-private val jwtRealm = "Play card game"
-private val jwtIssuer = "PlayCardGame"
-private val jwtSecret = "secret"
+private const val JWT_ISSUER = "PlayCardGame"
 fun Application.configureSecurity() {
+ val jwtSecret = environment.config.propertyOrNull("jwt.secret")?.getString() ?: error("You must set a jwt secret")
+
 authentication {
 jwt {
- realm = jwtRealm
+ realm = "Play card game"
 verifier(
 JWT
 .require(Algorithm.HMAC256(jwtSecret))
- .withIssuer(jwtIssuer)
+ .withIssuer(JWT_ISSUER)
 .build(),
 )
 validate { credential ->
@@ -48,15 +47,15 @@ fun Application.configureSecurity() {
 val username = call.parameters["username"]!!
 val player = Player(name = username)
- call.respond(hashMapOf("token" to player.makeJwt()))
+ call.respond(hashMapOf("token" to player.makeJwt(jwtSecret)))
 }
 }
 }
-fun Player.makeJwt(): String =
+fun Player.makeJwt(jwtSecret: String): String =
 JWT
 .create()
- .withIssuer(jwtIssuer)
+ .withIssuer(JWT_ISSUER)
 .withClaim("username", name)
 .withPayload(Json.encodeToString(this))
 .withExpiresAt(Date(System.currentTimeMillis() + 60000))
diff --git a/src/main/resources/application.conf b/src/main/resources/application.conf
new file mode 100644
index 0000000..2bc624d
--- /dev/null
+++ b/src/main/resources/application.conf
@@ -0,0 +1,4 @@
+jwt {
+ secret = "secret"
+ secret = ${?JWT_SECRET}
+}
\ No newline at end of file
diff --git a/src/test/kotlin/eventDemo/app/query/GameStateRouteTest.kt b/src/test/kotlin/eventDemo/app/query/GameStateRouteTest.kt
index 97f80fc..3299094 100644
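Review bot: In the first ConfigureAuth.kt hunk, the new `jwtSecret` lookup only checks that `jwt.secret` is present, so an empty or very short value is accepted as the HMAC256 key, and a key that weak can be recovered offline from a single issued token. Add a length check directly after the lookup, for example `require(jwtSecret.toByteArray().size >= 32) { "jwt.secret must be at least 32 bytes" }`, 32 bytes being the HS256 output size. The body of configureSecurity continues outside the hunk.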
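Review bot: In the second ConfigureAuth.kt hunk, `makeJwt(jwtSecret: String)` now carries the raw signing secret through a public extension function, which makes it easy for a caller to log the value or to sign with a different algorithm than the verifier requires. Consider building `val algorithm = Algorithm.HMAC256(jwtSecret)` once in configureSecurity and changing the signature to `fun Player.makeJwt(algorithm: Algorithm): String`, so that verifier and issuer share one object. The signing call of makeJwt lies outside the hunk, so this assumes it currently rebuilds the algorithm from the string.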
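Review bot: In application.conf, the committed default `secret = "secret"` means the `?: error("You must set a jwt secret")` guard in ConfigureAuth.kt can never fire. When JWT_SECRET is unset the server starts with a key that is public in the repository, so tokens for any player name can be forged. Drop the default and use the required substitution `secret = ${JWT_SECRET}` so that startup fails without it. The test in GameStateRouteTest.kt, which signs with the literal `"secret"`, would then need to take its key from a test-only configuration.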
--- a/src/test/kotlin/eventDemo/app/query/GameStateRouteTest.kt
+++ b/src/test/kotlin/eventDemo/app/query/GameStateRouteTest.kt
@@ -117,5 +117,5 @@ class GameStateRouteTest :
 })
 private fun HttpRequestBuilder.withAuth(player: Player) {
- header("Authorization", "Bearer ${player.makeJwt()}")
+ header("Authorization", "Bearer ${player.makeJwt("secret")}")
 }