diff --git a/internal/db/start/start.go b/internal/db/start/start.go
index 229543cda..586926154 100644
--- a/internal/db/start/start.go
+++ b/internal/db/start/start.go
@@ -55,6 +55,8 @@ func NewContainerConfig() container.Config {
 			"POSTGRES_HOST=/var/run/postgresql",
 			"POSTGRES_INITDB_ARGS=--lc-ctype=C.UTF-8",
 			"POSTGRES_INITDB_ARGS=--lc-collate=C.UTF-8",
+			"JWT_SECRET=" + utils.Config.Auth.JwtSecret,
+			fmt.Sprintf("JWT_EXP=%d", utils.Config.Auth.JwtExpiry),
 		},
 		Healthcheck: &container.HealthConfig{
 			Test:     []string{"CMD", "pg_isready", "-U", "postgres", "-h", "localhost", "-p", "5432"},
diff --git a/internal/db/start/templates/schema.sql b/internal/db/start/templates/schema.sql
index 1758c0482..a215f0d85 100644
--- a/internal/db/start/templates/schema.sql
+++ b/internal/db/start/templates/schema.sql
@@ -1,10 +1,16 @@
 \set pgpass `echo "$PGPASSWORD"`
+\set jwt_secret `echo "$JWT_SECRET"`
+\set jwt_exp `echo "$JWT_EXP"`
+
+ALTER DATABASE postgres SET "app.settings.jwt_secret" TO :'jwt_secret';
+ALTER DATABASE postgres SET "app.settings.jwt_exp" TO :'jwt_exp';
 
 ALTER USER authenticator WITH PASSWORD :'pgpass';
 ALTER USER pgbouncer WITH PASSWORD :'pgpass';
 ALTER USER supabase_auth_admin WITH PASSWORD :'pgpass';
 ALTER USER supabase_storage_admin WITH PASSWORD :'pgpass';
 ALTER USER supabase_replication_admin WITH PASSWORD :'pgpass';
+ALTER USER supabase_read_only_user WITH PASSWORD :'pgpass';
 
 create schema if not exists _realtime;
 alter schema _realtime owner to postgres;
diff --git a/internal/utils/config.go b/internal/utils/config.go
index c04fda174..f3aa7bef1 100644
--- a/internal/utils/config.go
+++ b/internal/utils/config.go
@@ -119,6 +119,7 @@ var Config = config{
 			"workos":    {},
 			"zoom":      {},
 		},
+		JwtExpiry:      3600,
 		JwtSecret:      "super-secret-jwt-token-with-at-least-32-characters-long",
 		AnonKey:        "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0",
 		ServiceRoleKey: "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.EGIM96RAZx35lJzdJsyH-qQwv8Hdp7fsn3W0YpN81IU",