diff --git a/rust-backend/.env.example b/rust-backend/.env.example
new file mode 100644
index 0000000..7a00bf9
--- /dev/null
+++ b/rust-backend/.env.example
@@ -0,0 +1,2 @@
+JWT_SECRET=DenHerMåAldrigVæreOffentligKunIDetteDemoProjekt
+
diff --git a/rust-backend/.gitignore b/rust-backend/.gitignore
index f8c722e..f3e9326 100644
--- a/rust-backend/.gitignore
+++ b/rust-backend/.gitignore
@@ -1,4 +1,4 @@
 target
 database.sqlite3
-
+.env
diff --git a/rust-backend/Cargo.lock b/rust-backend/Cargo.lock
index dbbc0e7..4493b96 100644
--- a/rust-backend/Cargo.lock
+++ b/rust-backend/Cargo.lock
@@ -426,6 +426,12 @@ dependencies = [
 "subtle",
 ]
+[[package]]
+name = "dotenvy"
+version = "0.15.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1aaf95b3e5c8f23aa320147307562d361db0ae0d51242340f558153b4eb2439b"
+
 [[package]]
 name = "encoding_rs"
 version = "0.8.34"
@@ -1125,6 +1131,7 @@ dependencies = [
 "actix-utils",
 "actix-web",
 "base64",
+ "dotenvy",
 "hmac",
 "refinery",
 "rusqlite",
diff --git a/rust-backend/Cargo.toml b/rust-backend/Cargo.toml
index ca84e91..dc34cae 100644
--- a/rust-backend/Cargo.toml
+++ b/rust-backend/Cargo.toml
@@ -10,6 +10,7 @@ hmac = "0.12.1"
 serde_json = "1.0.124"
 actix-web = "4"
 actix-utils = "3.0.1"
+dotenvy = "0.15.7"
 refinery = { version = "0.8.14", features = ["rusqlite"] }
 rusqlite = { version = "0.31", features = ["bundled"] }
diff --git a/rust-backend/src/auth.rs b/rust-backend/src/auth.rs
index 6d4dfb5..3f09a72 100644
--- a/rust-backend/src/auth.rs
+++ b/rust-backend/src/auth.rs
@@ -30,6 +30,8 @@ impl FromRequest for AuthorizedUser {
 }
 fn get_authorized_user(req: &HttpRequest) -> Option {
+ let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET must be provided");
+
 let token = req.headers()
 .get("Authorization")
 .and_then(|value| value.to_str().ok())
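Review bot: The sample value on the `+JWT_SECRET=` line is the very string the auth.rs hunk removes from the hard-coded HMAC key, so any deployment that copies `.env.example` to `.env` unchanged verifies tokens with a key that is public in this repository's history. An example file should carry a non-working placeholder such as `JWT_SECRET=<replace-with-a-long-random-value>`, with a comment line above it saying the value must be generated (32 or more random bytes) rather than typed. Since the old value has been committed, it should be treated as compromised and rotated wherever it was ever used.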
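Review bot: `std::env::var("JWT_SECRET").expect(...)` on the added line runs inside the request extractor, so a missing variable is only discovered when the first authenticated request arrives and surfaces as a panic in the handler instead of a startup failure. Validate the variable once in `main` (the main.rs hunk, right after `dotenvy::dotenv()`), e.g. `let secret = std::env::var("JWT_SECRET").expect("JWT_SECRET must be provided");`, and hand it to the extractor via `web::Data` or a `OnceLock`. That is also the place to reject weak keys, since `Hmac::new_from_slice` accepts any key length including an empty string: `assert!(secret.len() >= 32, "JWT_SECRET must be at least 32 bytes");`. Inside the extractor itself the lookup should stay non-panicking (`.ok()?`) so a misconfiguration produces an unauthorized response rather than a crashed worker. get_authorized_user's body continues beyond the hunk.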
@@ -51,7 +53,7 @@ fn get_authorized_user(req: &HttpRequest) -> Option {
 let payload: Value = serde_json::from_slice(&URL_SAFE_NO_PAD.decode(jwt_parts.get(1).unwrap()).ok()?).ok()?;
 let signature = URL_SAFE_NO_PAD.decode(jwt_parts.get(2).unwrap()).ok()?;
- let mut mac = Hmac::::new_from_slice("DenHerMåAldrigVæreOffentligKunIDetteDemoProjekt".as_bytes()).ok()?;
+ let mut mac = Hmac::::new_from_slice(secret.as_bytes()).ok()?;
 mac.update(format!("{}.{}", jwt_parts.get(0).unwrap(), jwt_parts.get(1).unwrap()).as_bytes());
 if mac.verify_slice(&signature).is_err() {
diff --git a/rust-backend/src/main.rs b/rust-backend/src/main.rs
index 162cef3..1322e98 100644
--- a/rust-backend/src/main.rs
+++ b/rust-backend/src/main.rs
@@ -31,6 +31,8 @@ async fn authorized(auth: AuthorizedUser) -> impl Responder {
 #[actix_web::main]
 async fn main() -> std::io::Result<()> {
+ let _ = dotenvy::dotenv();
+
 let port = std::env::var("RUST_BACKEND_PORT")
 .ok()
 .and_then(|port| port.parse::().ok())
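Review bot: `let _ = dotenvy::dotenv();` discards every error, including a present-but-unparseable `.env`, so a typo in that file silently falls back to whatever the process environment happens to hold. Only the not-found case is expected in normal operation and should be ignored; the rest deserves at least a log line: `if let Err(e) = dotenvy::dotenv() { if !e.not_found() { eprintln!("failed to load .env: {e}"); } }`. main's body continues beyond the hunk.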