diff --git a/src/backend/main.py b/src/backend/main.py
index 3594e04..904de64 100644
--- a/src/backend/main.py
+++ b/src/backend/main.py
@@ -144,7 +144,9 @@ app.add_middleware(
# Security
security = HTTPBearer()
-SECRET_KEY = os.getenv("SECRET_KEY", "26fc1f29bd4599f5f29200b6ca083531")
+JWT_SECRET_KEY = os.getenv("JWT_SECRET_KEY")
+if JWT_SECRET_KEY is None:
+ raise ValueError("JWT_SECRET_KEY environment variable is not set")
ALGORITHM = "HS256"
# ============================
@@ -221,14 +223,14 @@ def create_access_token(data: dict, expires_delta: Optional[timedelta] = None):
else:
expire = datetime.now(UTC) + timedelta(hours=24)
to_encode.update({"exp": expire})
- encoded_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM)
+ encoded_jwt = jwt.encode(to_encode, JWT_SECRET_KEY, algorithm=ALGORITHM)
return encoded_jwt
async def verify_token_with_blacklist(credentials: HTTPAuthorizationCredentials = Depends(security)):
"""Verify token and check if it's blacklisted"""
try:
# First decode the token
- payload = jwt.decode(credentials.credentials, SECRET_KEY, algorithms=[ALGORITHM])
+ payload = jwt.decode(credentials.credentials, JWT_SECRET_KEY, algorithms=[ALGORITHM])
user_id: str = payload.get("sub")
if user_id is None:
raise HTTPException(status_code=401, detail="Invalid authentication credentials")
@@ -476,7 +478,7 @@ async def logout(
try:
# Verify refresh token
try:
- refresh_payload = jwt.decode(refresh_token, SECRET_KEY, algorithms=[ALGORITHM])
+ refresh_payload = jwt.decode(refresh_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
user_id = refresh_payload.get("sub")
token_type = refresh_payload.get("type")
refresh_exp = refresh_payload.get("exp")
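Review bot: The new guard after the `JWT_SECRET_KEY = os.getenv(...)` line only rejects an unset variable, so `JWT_SECRET_KEY=""` or a short value still starts the app and becomes the HS256 signing key; HS256 should be keyed with at least 32 bytes (RFC 7518 §3.2), so tighten it to `if not JWT_SECRET_KEY or len(JWT_SECRET_KEY.encode()) < 32:` with a message that states the minimum length. The hard-coded fallback this hunk removes has lived in the repository history and must be treated as public: operators should generate a fresh value (for example `python -c "import secrets; print(secrets.token_hex(32))"`) rather than exporting the old one, and any token signed with the old secret is forgeable until this deploys. A one-line comment above the check, such as `# HS256 signing key: must be random, >= 32 bytes, and never defaulted in code`, would help keep the fallback from being reintroduced.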
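Review bot: `verify_token_with_blacklist` decodes bearer tokens with the same key and algorithm used for refresh tokens but, in the visible lines, never looks at the `type` claim that `logout` and `refresh_token_endpoint` read, so if refresh tokens are distinguished only by that claim a refresh token would be accepted as an access token unless the part of the function past the hunk rejects it. Right after the `user_id is None` check I would add `if payload.get("type") == "refresh": raise HTTPException(status_code=401, detail="Invalid authentication credentials")` (or better, require whatever type value access tokens carry). Consider also `jwt.decode(..., options={"require": ["exp", "sub"]})` in both decode calls of this hunk so a token lacking an expiry is not accepted indefinitely. Both `create_access_token` and `verify_token_with_blacklist` extend outside the hunk.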
@@ -521,7 +523,7 @@ async def logout(
# If access token is provided, revoke it too
if access_token:
try:
- access_payload = jwt.decode(access_token, SECRET_KEY, algorithms=[ALGORITHM])
+ access_payload = jwt.decode(access_token, JWT_SECRET_KEY, algorithms=[ALGORITHM])
access_user_id = access_payload.get("sub")
access_exp = access_payload.get("exp")
@@ -607,7 +609,7 @@ async def refresh_token_endpoint(
"""Refresh token endpoint"""
try:
# Verify refresh token
- payload = jwt.decode(refreshToken, SECRET_KEY, algorithms=[ALGORITHM])
+ payload = jwt.decode(refreshToken, JWT_SECRET_KEY, algorithms=[ALGORITHM])
user_id = payload.get("sub")
token_type = payload.get("type")
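Review bot: `refreshToken` on the `jwt.decode` line of `refresh_token_endpoint` is camelCase while `logout` in the same file uses `refresh_token`, so the two endpoints disagree on naming; if the parameter is bound to a request field whose wire name must stay `refreshToken`, keep that via an alias on the parameter declaration (e.g. `alias="refreshToken"`) and use `refresh_token` in the body. Separately, `logout` records the refresh token's `exp` when revoking it, so this endpoint must consult that same blacklist before issuing new tokens — the lines after the hunk are not visible, so worth confirming that a logged-out refresh token cannot still mint access tokens. `refresh_token_endpoint` continues past the end of the hunk.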