diff --git a/app.py b/app.py
index 559ded3..1b10749 100644
--- a/app.py
+++ b/app.py
@@ -51,6 +51,8 @@ from config import PASS
 from config import HEADERS
 from config import VERSION
 from config import DEBUG_MODE
+from config import JWT
+from config import ADMIN_API_KEY
 from config import _drop_db
 from config import custom_cache_purge_hook
 from utils.httpsig import HTTPSigAuth, verify_request
@@ -79,14 +81,6 @@ root_logger = logging.getLogger()
 root_logger.handlers = gunicorn_logger.handlers
 root_logger.setLevel(gunicorn_logger.level)
 
-JWT_SECRET = get_secret_key('jwt')
-JWT = JSONWebSignatureSerializer(JWT_SECRET)
-
-def _admin_jwt_token() -> str:
-    return JWT.dumps({'me': 'ADMIN', 'ts': datetime.now().timestamp()}).decode('utf-8')  # type: ignore
-
-ADMIN_API_KEY = get_secret_key('admin_api_key', _admin_jwt_token)
-
 SIG_AUTH = HTTPSigAuth(ID+'#main-key', KEY.privkey)
 
 
diff --git a/config.py b/config.py
index b1645df..1be18f7 100644
--- a/config.py
+++ b/config.py
@@ -3,9 +3,10 @@ import os
 import yaml
 from pymongo import MongoClient
 import requests
+from itsdangerous import JSONWebSignatureSerializer
 
 from utils import strtobool
-from utils.key import Key, KEY_DIR
+from utils.key import Key, KEY_DIR, get_secret_key
 from utils.actor_service import ActorService
 from utils.object_service import ObjectService
 
@@ -73,6 +74,16 @@ def _drop_db():
 
 KEY = Key(USERNAME, DOMAIN, create=True)
 
+
+JWT_SECRET = get_secret_key('jwt')
+JWT = JSONWebSignatureSerializer(JWT_SECRET)
+
+def _admin_jwt_token() -> str:
+    return JWT.dumps({'me': 'ADMIN', 'ts': datetime.now().timestamp()}).decode('utf-8')  # type: ignore
+
+ADMIN_API_KEY = get_secret_key('admin_api_key', _admin_jwt_token)
+
+
 ME = {
     "@context": [
         CTX_AS,