diff --git a/src/config.js b/src/config.js
index 884ee07647c..6062fa57f68 100644
--- a/src/config.js
+++ b/src/config.js
@@ -5,7 +5,8 @@ const { str } = envalid;
 export default envalid.cleanEnv(
   process.env,
   {
-    STORE_URL: str({ devDefault: "http://localhost:4000" })
+    STORE_URL: str({ devDefault: "http://localhost:4000" }),
+    TOKEN_SECRET: str({ default: "UPDATE_THIS_SECRET" })
   },
   {
     dotEnvPath: null
diff --git a/src/util/accountServer.js b/src/util/accountServer.js
index 88883c9f1ce..46523e83fa0 100644
--- a/src/util/accountServer.js
+++ b/src/util/accountServer.js
@@ -13,7 +13,7 @@ export default async (app) => {
   if (accountsServer && accountsGraphQL) {
     return { accountsServer, accountsGraphQL };
   }
-  const { MONGO_URL, STORE_URL } = config;
+  const { MONGO_URL, STORE_URL, TOKEN_SECRET } = config;
   const { context } = app;
 
   const client = await mongoConnectWithRetry(MONGO_URL);
@@ -30,6 +30,7 @@ export default async (app) => {
   accountsServer = new AccountsServer(
     {
       siteUrl: STORE_URL,
+      tokenSecret: TOKEN_SECRET,
       db: accountsMongo,
       enableAutologin: true,
       ambiguousErrorMessages: false,