diff --git a/tests/conftest.py b/tests/conftest.py
index 4fa6363..7a104a0 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -6,6 +6,12 @@ from pathlib import Path
 import duckdb
 import pytest
 
+# Ensure consistent JWT secret across all workers (pytest-xdist).
+# Set at import time so every worker process picks up the same values
+# before any module-level code in app.auth.jwt caches the secret.
+os.environ.setdefault("TESTING", "1")
+os.environ.setdefault("JWT_SECRET_KEY", "test-secret-e2e")
+
 
 @pytest.fixture
 def e2e_env(tmp_path, monkeypatch):
diff --git a/tests/test_instance_config.py b/tests/test_instance_config.py
index 9b4d1ff..316f71a 100644
--- a/tests/test_instance_config.py
+++ b/tests/test_instance_config.py
@@ -6,7 +6,7 @@ class TestInstanceConfig:
     def test_missing_config_returns_defaults(self, tmp_path, monkeypatch):
         monkeypatch.setenv("DATA_DIR", str(tmp_path))
         monkeypatch.setenv("TESTING", "1")
-        monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-key-min-32-characters!!")
+        monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-e2e")
         from app.instance_config import get_instance_name
         name = get_instance_name()
         assert isinstance(name, str)
@@ -15,7 +15,7 @@ class TestInstanceConfig:
         """get_instance_name should read instance.name from YAML, not flat instance_name."""
         monkeypatch.setenv("DATA_DIR", str(tmp_path))
         monkeypatch.setenv("TESTING", "1")
-        monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-key-min-32-characters!!")
+        monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-e2e")
 
         state_dir = tmp_path / "state"
         state_dir.mkdir(exist_ok=True)
diff --git a/tests/test_security.py b/tests/test_security.py
index 561c246..0ddf4a1 100644
--- a/tests/test_security.py
+++ b/tests/test_security.py
@@ -10,7 +10,7 @@ from fastapi.testclient import TestClient
 @pytest.fixture
 def client(tmp_path, monkeypatch):
     monkeypatch.setenv("DATA_DIR", str(tmp_path))
-    monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-32chars-minimum!!!!!")
+    monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-e2e")
     monkeypatch.setenv("SCRIPT_TIMEOUT", "5")
 
     from app.main import create_app
@@ -287,7 +287,7 @@ class TestAuthSecurity:
 def viewer_client(tmp_path, monkeypatch):
     """TestClient with a viewer-role user seeded."""
     monkeypatch.setenv("DATA_DIR", str(tmp_path))
-    monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-32chars-minimum!!!!!")
+    monkeypatch.setenv("JWT_SECRET_KEY", "test-secret-e2e")
     monkeypatch.setenv("SCRIPT_TIMEOUT", "5")
 
     from app.main import create_app