Why is using automatically generated JWT signing/encryption keys bad?

[trentprynn]

Currently I'm using next-auth to authenticate users using Auth0 for my habit tracking website. This is working great and you can actually view the next-auth configuration for the website here

Everything is working as expected but I'm getting the following warnings in the console

1. JWT_AUTO_GENERATED_SIGNING_KEY
2. JWT_AUTO_GENERATED_ENCRYPTION_KEY

I've checked out the documentation page for these and I understand I could generate this key and store it in my .env file but I'm wondering why I would want to do that.