diff --git a/doc/man/man5/slurm.conf.5 b/doc/man/man5/slurm.conf.5
index be607b28c5376700bed054a17b324590110f06dd..e77d5c07b839a9a098286ebd209d7ca1807cc7de 100644
--- a/doc/man/man5/slurm.conf.5
+++ b/doc/man/man5/slurm.conf.5
@@ -352,6 +352,13 @@ will permit for communication. Acceptable values at present include "auth/jwt".
 \fBAuthAltParameters\fR
 Used to define alternative authentication plugins options. Multiple options may
 be comma separated.
+.RS
+.TP 15
+\fBjwt_key=\fR
+Absolute path to JWT key file. Key must be HS256, and should only be accessible
+by SlurmUser. If not set, the default key file is jwt_hs256.key in
+\fIStateSaveLocation\fR.
+.RE
 
 .TP
 \fBAuthInfo\fR
diff --git a/doc/man/man5/slurmdbd.conf.5 b/doc/man/man5/slurmdbd.conf.5
index edf4a1144a7b73ef17b54341a0af9a8146860c00..1dd33452c6a27f926de7fd1d3c5519ecb06be5c7 100644
--- a/doc/man/man5/slurmdbd.conf.5
+++ b/doc/man/man5/slurmdbd.conf.5
@@ -138,6 +138,12 @@ will permit for communication.
 \fBAuthAltParameters\fR
 Used to define alternative authentication plugins options. Multiple options may
 be comma separated.
+.RS
+.TP 15
+\fBjwt_key=\fR
+Absolute path to JWT key file. Key must be HS256, and should only be accessible
+by SlurmUser.
+.RE
 
 .TP
 \fBAuthType\fR
diff --git a/src/plugins/auth/jwt/auth_jwt.c b/src/plugins/auth/jwt/auth_jwt.c
index 7f834bdce792e80012d9e98818e8a328bf66d319..29c3b803f8d23f3a8439d1ebd3fa28426e748586 100644
--- a/src/plugins/auth/jwt/auth_jwt.c
+++ b/src/plugins/auth/jwt/auth_jwt.c
@@ -115,17 +115,45 @@ __thread char *thread_username = NULL;
 
 static int _init_key(void)
 {
-	char *key_file = xstrdup(slurm_conf.state_save_location);
-	xstrcat(key_file, "/jwt_hs256.key");
-	key = create_mmap_buf(key_file);
-	if (!key) {
+	char *key_file = NULL;
+
+	if (slurm_conf.authalt_params && slurm_conf.authalt_params[0]) {
+		const char *jwt_key_field = "jwt_key=";
+		char *begin = xstrcasestr(slurm_conf.authalt_params,
+					  jwt_key_field);
+
+		/* find the begin and ending offsets of the jwt_key */
+		if (begin) {
+			char *start = begin + sizeof(jwt_key_field);
+			char *end = NULL;
+
+			if ((end = xstrstr(start, ",")))
+				key_file = xstrndup(start, (end - start));
+			else
+				key_file = xstrdup(start);
+		}
+	}
+
+	if (!key_file && slurm_conf.state_save_location) {
+		const char *default_key = "jwt_hs256.key";
+		/* default to state_save_location for slurmctld */
+		xstrfmtcat(key_file, "%s/%s",
+			   slurm_conf.state_save_location, default_key);
+	}
+
+	if (!key_file)
+		return ESLURM_AUTH_SKIP;
+
+	debug("%s: Loading key: %s", __func__, key_file);
+
+	if (!(key = create_mmap_buf(key_file))) {
 		error("%s: Could not load key file (%s)",
 		      plugin_type, key_file);
 		xfree(key_file);
-		return SLURM_ERROR;
+		return ESLURM_AUTH_FOPEN_ERROR;
 	}
-	xfree(key_file);
 
+	xfree(key_file);
 	return SLURM_SUCCESS;
 }