diff --git a/release/cluster/helm/templates/config-polaris-console.yaml b/release/cluster/helm/templates/config-polaris-console.yaml
index 170c43c2b..19f8e498e 100644
--- a/release/cluster/helm/templates/config-polaris-console.yaml
+++ b/release/cluster/helm/templates/config-polaris-console.yaml
@@ -16,7 +16,7 @@ data:
 listenIP: "0.0.0.0"
 listenPort: {{ .Values.service.webPort }}
 jwt:
- secretKey: "polarismesh@2021"
+ secretKey: "${JWT_KEY}"
 expired: 1800
 namingV1URL: "/naming/v1"
 namingV2URL: "/naming/v2"
diff --git a/release/cluster/helm/templates/polaris-server.yaml b/release/cluster/helm/templates/polaris-server.yaml
index 96e313261..3e883da71 100644
--- a/release/cluster/helm/templates/polaris-server.yaml
+++ b/release/cluster/helm/templates/polaris-server.yaml
@@ -86,6 +86,12 @@ spec:
 - mountPath: /root/polaris-console.yaml
 name: polaris-console-config
 subPath: polaris-console.yaml
+ env:
+ - name: JWT_KEY
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Release.Name }}
+ key: JWT_KEY
 restartPolicy: Always
 volumes:
 - configMap:
diff --git a/release/cluster/helm/templates/secret.yaml b/release/cluster/helm/templates/secret.yaml
new file mode 100644
index 000000000..fbf692eeb
--- /dev/null
+++ b/release/cluster/helm/templates/secret.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Release.Name }}
+type: Opaque
+data:
+ {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace .Release.Name }}
+ {{- if $existingSecret }}
+ # 复用已存在的值
+ JWT_KEY: {{ index $existingSecret.data "JWT_KEY" }}
+ {{- else }}
+ # 生成新随机值
+ JWT_KEY: {{ randAlphaNum 16 | b64enc | quote }}
+ {{- end }}
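Review bot: `secretKey: "${JWT_KEY}"` in config-polaris-console.yaml is only safe if the console's config loader expands environment references, which this diff does not show; without expansion the literal string `${JWT_KEY}` becomes the signing key and is as predictable as the constant it replaces. Please confirm the loader expands it and refuses to start when the result is empty or still contains `${`. The previous constant is public in the repository history, so any deployment that keeps it should be treated as running with a known signing key, and the release notes should say so. A comment above the line such as `# expanded from the JWT_KEY environment variable at startup` would document the dependency.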
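Review bot: The `secretKeyRef` in polaris-server.yaml points at a Secret named exactly `{{ .Release.Name }}`, a name generic enough to collide with an unrelated Secret already present in the namespace; secret.yaml's `lookup` would then adopt that object instead of creating one. A dedicated, quoted name used in both templates avoids this, for example `name: {{ printf "%s-jwt" .Release.Name | quote }}`. The container this `env` block belongs to starts outside the hunk, so it is worth checking that it is the console container, the one that reads `polaris-console.yaml`.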
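Review bot: The reuse branch in secret.yaml trusts that an existing Secret carries `JWT_KEY`: if a Secret with the release name exists without that entry, `index $existingSecret.data "JWT_KEY"` yields no usable value and the console is left with an empty or invalid signing key, and the reused value is also emitted unquoted while the generated one is quoted. The version below falls back to generation when the entry is missing, quotes both paths, and raises the length from 16 to 32 characters, since 16 alphanumerics is only about 95 bits (worth it if the console uses an HMAC-SHA256 scheme, which this diff does not show). Note that `lookup` returns an empty result under `helm template`, `--dry-run` and renderers without cluster access, so those paths mint a new key on every render and invalidate issued tokens; that deserves a line in the chart documentation. The two comments would be easier to maintain in English, `# reuse the existing value` and `# generate a new random value`.

```yaml
# … unchanged: apiVersion, kind, metadata, type …
data:
  {{- $existing := lookup "v1" "Secret" .Release.Namespace .Release.Name }}
  {{- $jwtKey := "" }}
  {{- if and $existing $existing.data }}
  {{- $jwtKey = index $existing.data "JWT_KEY" | default "" }}
  {{- end }}
  {{- if not $jwtKey }}
  {{- $jwtKey = randAlphaNum 32 | b64enc }}
  {{- end }}
  JWT_KEY: {{ $jwtKey | quote }}
```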