diff --git a/cmd/common-main.go b/cmd/common-main.go
index b0266c43d..116f4d34e 100644
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -109,9 +109,8 @@ func init() {
 const consolePrefix = "CONSOLE_"
 
 func minioConfigToConsoleFeatures() {
-	os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID)
 	os.Setenv("CONSOLE_PBKDF_SALT", globalDeploymentID)
-	os.Setenv("CONSOLE_HMAC_JWT_SECRET", globalDeploymentID)
+	os.Setenv("CONSOLE_PBKDF_PASSPHRASE", globalDeploymentID)
 	os.Setenv("CONSOLE_MINIO_SERVER", getAPIEndpoints()[0])
 	if value := env.Get("MINIO_LOG_QUERY_URL", ""); value != "" {
 		os.Setenv("CONSOLE_LOG_QUERY_URL", value)
@@ -130,17 +129,19 @@ func minioConfigToConsoleFeatures() {
 	// if IDP is enabled, set IDP environment variables
 	if globalOpenIDConfig.URL != nil {
 		os.Setenv("CONSOLE_IDP_URL", globalOpenIDConfig.DiscoveryDoc.Issuer)
-		os.Setenv("CONSOLE_IDP_SCOPES", strings.Join(globalOpenIDConfig.DiscoveryDoc.ScopesSupported, ","))
 		os.Setenv("CONSOLE_IDP_CLIENT_ID", globalOpenIDConfig.ClientID)
 		os.Setenv("CONSOLE_IDP_SECRET", globalOpenIDConfig.ClientSecret)
+		os.Setenv("CONSOLE_IDP_HMAC_SALT", globalDeploymentID)
+		os.Setenv("CONSOLE_IDP_HMAC_PASSPHRASE", globalOpenIDConfig.ClientID)
+		os.Setenv("CONSOLE_IDP_SCOPES", strings.Join(globalOpenIDConfig.DiscoveryDoc.ScopesSupported, ","))
+		if globalOpenIDConfig.RedirectURI != "" {
+			os.Setenv("CONSOLE_IDP_CALLBACK", globalOpenIDConfig.RedirectURI)
+		} else {
+			os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
+		}
 	}
 	os.Setenv("CONSOLE_MINIO_REGION", globalServerRegion)
 	os.Setenv("CONSOLE_CERT_PASSWD", env.Get("MINIO_CERT_PASSWD", ""))
-	if globalOpenIDConfig.RedirectURI != "" {
-		os.Setenv("CONSOLE_IDP_CALLBACK", globalOpenIDConfig.RedirectURI)
-	} else {
-		os.Setenv("CONSOLE_IDP_CALLBACK", getConsoleEndpoints()[0]+"/oauth_callback")
-	}
 }
 
 func initConsoleServer() (*restapi.Server, error) {