From b77041d9bf7c7adb1a563cd3a9e5e1697ba90461 Mon Sep 17 00:00:00 2001 From: Aryan Sharma Date: Fri, 15 Aug 2025 22:39:06 +0530 Subject: [PATCH] fixed unclear documentation and added safe recommendations --- README.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4e20dd9..59cfc0b 100644 --- a/README.md +++ b/README.md @@ -66,11 +66,13 @@ The header can be customized via the `options.header` object. Generated jwts will include an `iat` (issued at) claim by default unless `noTimestamp` is specified. If `iat` is inserted in the payload, it will be used instead of the real timestamp for calculating other things like `exp` given a timespan in `options.expiresIn`. +It is recommended to store the secret key in a .env file. + Synchronous Sign with default (HMAC SHA256) ```js var jwt = require('jsonwebtoken'); -var token = jwt.sign({ foo: 'bar' }, 'shhhhh'); +var token = jwt.sign({ foo: 'bar' }, 'secretkey'); ``` Synchronous Sign with RSA SHA256
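Review bot: The example under "Synchronous Sign with default (HMAC SHA256)" contradicts the sentence added just above it: the new text recommends keeping the secret in a .env file, but the changed line still passes a hard-coded literal, `jwt.sign({ foo: 'bar' }, 'secretkey')`. Replacing `'shhhhh'` with `'secretkey'` only swaps one placeholder string for another that readers may copy as-is. Consider having the example read the secret from the environment, for instance `process.env.JWT_SECRET` (the variable name is only an illustration), so the code shows what the recommendation means in practice. The added sentence also leaves the recommendation incomplete. It should say that the .env file must be excluded from version control. It should also say that the file is just one way of supplying an environment variable, and that the value needs to be a long random string for HMAC SHA256. Minor style point: write `.env` in backticks to match the inline code formatting used for `iat` and `noTimestamp` in the same paragraph.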