diff --git a/lib/controllers/key_controller.dart b/lib/controllers/key_controller.dart
new file mode 100644
index 0000000..f11bdee
--- /dev/null
+++ b/lib/controllers/key_controller.dart
@@ -0,0 +1,18 @@
+import "dart:io";
+
+import "package:dart_jsonwebtoken/dart_jsonwebtoken.dart";
+import "package:matrixoidc/controllers/settings_controller.dart";
+import "package:riverpod/riverpod.dart";
+
+class KeyController extends AsyncNotifier<SecretKey> {
+  @override
+  Future<SecretKey> build() async => SecretKey(
+    (await File.fromUri(
+      Uri.file(ref.read(SettingsController.provider)!.jwtSecretFile),
+    ).readAsString()).trim(),
+  );
+
+  static final provider = AsyncNotifierProvider<KeyController, SecretKey>(
+    KeyController.new,
+  );
+}
diff --git a/lib/helpers/api_helper.dart b/lib/helpers/api_helper.dart
index 2a24140..787adb7 100644
--- a/lib/helpers/api_helper.dart
+++ b/lib/helpers/api_helper.dart
@@ -1,7 +1,7 @@
-import "dart:io";
 import "dart:convert";
 import "package:dart_jsonwebtoken/dart_jsonwebtoken.dart";
 import "package:matrixoidc/controllers/auth_code_controller.dart";
+import "package:matrixoidc/controllers/key_controller.dart";
 import "package:matrixoidc/controllers/settings_controller.dart";
 import "package:matrixoidc/helpers/name_helper.dart";
 import "package:shelf/shelf.dart";
@@ -136,9 +136,7 @@ class ApiHelper {
     );
 
     final token = jwt.sign(
-      SecretKey(
-        (await File.fromUri(Uri.file(settings.jwtSecretFile)).readAsString()),
-      ),
+      await ref.read(KeyController.provider.future),
       algorithm: JWTAlgorithm.HS256,
     );
 
@@ -162,11 +160,7 @@ class ApiHelper {
       final token = auth.substring(7);
       final jwt = JWT.verify(
         token,
-        SecretKey(
-          (await File.fromUri(
-            Uri.file(ref.read(SettingsController.provider)!.jwtSecretFile),
-          ).readAsString()),
-        ),
+        await ref.read(KeyController.provider.future),
       );
       return Response.ok(
         jsonEncode({"sub": jwt.subject}),
@@ -184,29 +178,13 @@ class ApiHelper {
     }
 
     try {
-      JWT.verify(
-        token,
-        SecretKey(
-          (await File.fromUri(
-            Uri.file(ref.read(SettingsController.provider)!.jwtSecretFile),
-          ).readAsString()),
-        ),
-      );
-
       final jwt = JWT.verify(
         token,
-        SecretKey(
-          (await File.fromUri(
-            Uri.file(ref.read(SettingsController.provider)!.jwtSecretFile),
-          ).readAsString()),
-        ),
+        await ref.read(KeyController.provider.future),
       );
 
       return Response.ok(
-        json.encode({
-          "active": true,
-          "name": jwt.subject!.getName(),
-        }),
+        json.encode({"active": true, "name": jwt.subject!.getName()}),
         headers: {"content-type": "application/json"},
       );
     } catch (_) {