diff --git a/controllers/auth.py b/controllers/auth.py
index 080fdc1..b5b9ff1 100644
--- a/controllers/auth.py
+++ b/controllers/auth.py
@@ -30,7 +30,9 @@ class TokenResponse(BaseModel):
 auth_router = APIRouter()
 
 DEFAULT_STATUSES = ["BOOKMARKED", "APPLIED", "ACCEPTED", "REJECTED"]
-JWT_SECRET = os.getenv('JWT_SECRET', 'your-secret-key')
+JWT_SECRET = os.getenv('JWT_SECRET')
+if not JWT_SECRET:
+raise ValueError("JWT_SECRET environment variable must be set")
 
 # Helper function to set JWT token
 async def create_token(user):