diff --git a/cmd/main.go b/cmd/main.go
index 154bc90..652c9b4 100755
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -82,7 +82,11 @@ func main() {
 			homepage.InitOverridesConfig,
 			favicon.InitIconCache,
 		)
-		// logging.AddHook(notif.GetDispatcher())
+
+		if common.APIJWTSecret == nil {
+			logging.Warn().Msg("API_JWT_SECRET is not set, using random key")
+			common.APIJWTSecret = common.RandomJWTKey()
+		}
 	} else {
 		logging.DiscardLogger()
 	}
diff --git a/internal/api/v1/auth/auth.go b/internal/api/v1/auth/auth.go
index 705c74b..c579d4a 100644
--- a/internal/api/v1/auth/auth.go
+++ b/internal/api/v1/auth/auth.go
@@ -4,7 +4,6 @@ import (
 	"net/http"
 
 	"github.com/yusing/go-proxy/internal/common"
-	"github.com/yusing/go-proxy/internal/logging"
 	"github.com/yusing/go-proxy/internal/net/gphttp"
 )
 
@@ -13,7 +12,6 @@ var defaultAuth Provider
 // Initialize sets up authentication providers.
 func Initialize() error {
 	if !IsEnabled() {
-		logging.Warn().Msg("authentication is disabled, please set API_JWT_SECRET or OIDC_* to enable authentication")
 		return nil
 	}
 
diff --git a/internal/common/crypto.go b/internal/common/crypto.go
index 6214a57..3dcc204 100644
--- a/internal/common/crypto.go
+++ b/internal/common/crypto.go
@@ -1,6 +1,7 @@
 package common
 
 import (
+	"crypto/rand"
 	"encoding/base64"
 
 	"github.com/rs/zerolog/log"
@@ -16,3 +17,12 @@ func decodeJWTKey(key string) []byte {
 	}
 	return bytes
 }
+
+func RandomJWTKey() []byte {
+	key := make([]byte, 32)
+	_, err := rand.Read(key)
+	if err != nil {
+		log.Panic().Err(err).Msg("failed to generate random jwt key")
+	}
+	return key
+}