diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java
index 6f268bebbc03..9f710e6ef651 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/SystemRepository.java
@@ -18,6 +18,7 @@ import org.openmetadata.api.configuration.UiThemePreference;
 import org.openmetadata.schema.email.SmtpSettings;
 import org.openmetadata.schema.entity.services.ingestionPipelines.PipelineServiceClientResponse;
+import org.openmetadata.schema.security.client.OpenMetadataJWTClientConfig;
 import org.openmetadata.schema.service.configuration.slackApp.SlackAppConfiguration;
 import org.openmetadata.schema.services.connections.metadata.OpenMetadataConnection;
 import org.openmetadata.schema.settings.Settings;
@@ -35,6 +36,8 @@ import org.openmetadata.service.migration.MigrationValidationClient;
 import org.openmetadata.service.resources.settings.SettingsCache;
 import org.openmetadata.service.search.SearchRepository;
+import org.openmetadata.service.secrets.SecretsManager;
+import org.openmetadata.service.secrets.SecretsManagerFactory;
 import org.openmetadata.service.security.JwtFilter;
 import org.openmetadata.service.util.JsonUtils;
 import org.openmetadata.service.util.OpenMetadataConnectionBuilder;
@@ -432,11 +435,13 @@ private StepValidation getPipelineServiceClientValidation(
 
 private StepValidation getJWKsValidation(
 OpenMetadataApplicationConfig applicationConfig, JwtFilter jwtFilter) {
+ SecretsManager secretsManager = SecretsManagerFactory.getSecretsManager();
 OpenMetadataConnection openMetadataServerConnection =
 new OpenMetadataConnectionBuilder(applicationConfig).build();
+ OpenMetadataJWTClientConfig realJWTConfig =
+ secretsManager.decryptJWTConfig(openMetadataServerConnection.getSecurityConfig());
 try {
- jwtFilter.validateJwtAndGetClaims(
- openMetadataServerConnection.getSecurityConfig().getJwtToken());
+ jwtFilter.validateJwtAndGetClaims(realJWTConfig.getJwtToken());
 return new StepValidation()
 .withDescription(ValidationStepDescription.JWT_TOKEN.key)
 .withPassed(Boolean.TRUE)
diff --git a/openmetadata-service/src/main/java/org/openmetadata/service/secrets/SecretsManager.java b/openmetadata-service/src/main/java/org/openmetadata/service/secrets/SecretsManager.java
index 5f595b83daf8..5cfb4f95bc6e 100644
--- a/openmetadata-service/src/main/java/org/openmetadata/service/secrets/SecretsManager.java
+++ b/openmetadata-service/src/main/java/org/openmetadata/service/secrets/SecretsManager.java
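Review bot: The `secretsManager.decryptJWTConfig(...)` call is placed before the `try`, so a decryption failure escapes getJWKsValidation as a SecretsManagerException rather than being reported as a failed JWT_TOKEN step the way an invalid token is; likewise, when getSecurityConfig() is null, decryptJWTConfig returns null and `realJWTConfig.getJwtToken()` throws a NullPointerException inside the try, and whether the catch (outside the hunk) turns that into a failed step is not visible here. Moving the decrypt into the try keeps the validation report consistent for every failure mode: `try {` / `OpenMetadataJWTClientConfig realJWTConfig = secretsManager.decryptJWTConfig(openMetadataServerConnection.getSecurityConfig());` / `jwtFilter.validateJwtAndGetClaims(realJWTConfig.getJwtToken());`. Because realJWTConfig now holds the plaintext token, any logging in the catch should report the exception only and never the config object. The method's catch and return continue outside the hunk.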
@@ -180,6 +180,20 @@ public AuthenticationMechanism decryptAuthenticationMechanism(
 return null;
 }
 
+ public OpenMetadataJWTClientConfig decryptJWTConfig(OpenMetadataJWTClientConfig jwtConfig) {
+ if (jwtConfig != null) {
+ try {
+ OpenMetadataJWTClientConfig decrypted =
+ (OpenMetadataJWTClientConfig) decryptPasswordFields(jwtConfig);
+ return (OpenMetadataJWTClientConfig) getSecretFields(decrypted);
+ } catch (Exception e) {
+ throw new SecretsManagerException(
+ Response.Status.BAD_REQUEST, "Failed to decrypt JWT Client Config instance.");
+ }
+ }
+ return null;
+ }
+
 public void encryptIngestionPipeline(IngestionPipeline ingestionPipeline) {
 OpenMetadataConnection openMetadataConnection =
 encryptOpenMetadataConnection(ingestionPipeline.getOpenMetadataServerConnection(), true);
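Review bot: The catch in decryptJWTConfig discards `e`, so the thrown SecretsManagerException carries only a fixed message and the underlying decryption error (wrong key, malformed ciphertext, secrets-backend outage) is lost for diagnosis. If SecretsManagerException has a constructor that accepts a cause, pass it through, e.g. `throw new SecretsManagerException(Response.Status.BAD_REQUEST, "Failed to decrypt JWT Client Config instance.", e);`; otherwise log the cause at this point without including the config contents. The method also has no Javadoc; a short doc saying that it returns null when jwtConfig is null, that it resolves secret references after decryption, and that the returned object holds the plaintext token and must not be logged or serialized would help callers. Whether decryptPasswordFields mutates its argument or returns a copy is not visible here, so the doc should state that once confirmed.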