diff --git a/nuxt.config.ts b/nuxt.config.ts
index cfe9389c3..cff441be8 100644
--- a/nuxt.config.ts
+++ b/nuxt.config.ts
@@ -40,9 +40,6 @@ const version = fs.existsSync(versionFile) ? fs.readFileSync(versionFile).toStri
 const publicKeyFile = `${__dirname}/keys/public.pem`;
 const publicKey = fs.existsSync(publicKeyFile) ? fs.readFileSync(publicKeyFile).toString('utf-8') : undefined;
 
-const applePrivateKeyFile = `${__dirname}/keys/AuthKey_${process.env.APPLE_KEY_ID}.p8`;
-process.env.APPLE_PRIVATE_KEY = fs.existsSync(applePrivateKeyFile) ? fs.readFileSync(applePrivateKeyFile).toString('utf-8') : '';
-
 const allLocalesUrls = buildList(function*() {
     if (process.env.NODE_ENV === 'development') {
         if (process.env.BASE_URL) {
diff --git a/server/social.ts b/server/social.ts
index ac0594296..8fa40d507 100644
--- a/server/social.ts
+++ b/server/social.ts
@@ -1,5 +1,7 @@
+import fs from 'fs';
 import jwt from 'jsonwebtoken';
 import type { GrantConfig, GrantResponse } from 'grant';
+import { rootDir } from './paths.ts';
 
 const getAppleClientSecret = (): string => {
     const headers = {
@@ -12,7 +14,9 @@ const getAppleClientSecret = (): string => {
         aud: 'https://appleid.apple.com',
         sub: process.env.APPLE_CLIENT_ID,
     };
-    return jwt.sign(claims, process.env.APPLE_PRIVATE_KEY!, {
+    const applePrivateKeyFile = `${rootDir}/keys/AuthKey_${process.env.APPLE_KEY_ID}.p8`;
+    const privateKey = fs.existsSync(applePrivateKeyFile) ? fs.readFileSync(applePrivateKeyFile).toString('utf-8') : '';
+    return jwt.sign(claims, privateKey, {
         algorithm: 'ES256',
         header: headers,
         expiresIn: '180d',