diff --git a/config.example.toml b/config.example.toml
index dc8d697..9393d2a 100644
--- a/config.example.toml
+++ b/config.example.toml
@@ -7,7 +7,7 @@ access_log = true
 url = "postgresql+psycopg://username:password@host:port/database"
 
 [access_token]
-crypto_key = "..."
+crypto_key = "..." # 32-byte url-safe base64 key
 expires_in = 86400
 
 [yandex_oauth]
diff --git a/infrastructure/configs/backend/config.toml b/infrastructure/configs/backend/config.toml
index 8128764..094f196 100644
--- a/infrastructure/configs/backend/config.toml
+++ b/infrastructure/configs/backend/config.toml
@@ -7,7 +7,7 @@ access_log = true
 url = "postgresql+psycopg://postgres:postgres@postgres:5432/postgres"
 
 [access_token]
-crypto_key = "insecure_token"
+crypto_key = "YlPGYA-WnyYW8Cd0bFZWPeZjPjfXhrD9P7ciCprYmmc="
 expires_in = 86400
 
 [yandex_oauth]
diff --git a/src/template_project/web_api/configuration.py b/src/template_project/web_api/configuration.py
index 17f57b4..32c0351 100644
--- a/src/template_project/web_api/configuration.py
+++ b/src/template_project/web_api/configuration.py
@@ -5,6 +5,7 @@ from tomllib import loads
 from typing import dataclass_transform
 
 from adaptix import P, Retort, loader
+from cryptography.fernet import Fernet
 
 from template_project.application.common.containers import SecretString
 
@@ -24,6 +25,13 @@ class AccessTokenConfiguration:
     crypto_key: str
     expires_in: timedelta
 
+    def __post_init__(self) -> None:
+        try:
+            Fernet(self.crypto_key)
+        except ValueError as error:
+            msg = "access_token.crypto_key must be a valid 32-byte url-safe base64 key"
+            raise ValueError(msg) from error
+
 
 @to_configuration
 class ServerConfiguration:
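Review bot: In `infrastructure/configs/backend/config.toml` the new `crypto_key` is a well-formed Fernet key committed in clear text, whereas the old `insecure_token` value could not be mistaken for a real secret. Any deployment that reuses this file shares a token key that everyone with read access to the repository knows, and the new startup check will accept it. The line should carry a comment such as `# local development only: this key is public in git, generate a fresh one for any real deployment`. If the file is ever used outside a local stack (not visible from the hunk), the key would be better supplied from the environment or a secret store.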
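Review bot: In `src/template_project/web_api/configuration.py`, `__post_init__` validates only the encoding and length of `crypto_key`, while the field itself stays a plain `str`. Depending on what `to_configuration` generates, the key can therefore end up in the object's repr and in any log line or traceback that prints the configuration. `SecretString` is already imported in this file (context of the first hunk); declaring the field as `crypto_key: SecretString` and unwrapping it only for the `Fernet(...)` call would keep it out of reprs, assuming that type is intended for such values. A one-line docstring such as `"""Fail at load time if crypto_key is not a usable Fernet key."""` would also explain why a throwaway `Fernet` instance is built. The class body starts above the hunk.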