diff --git a/config/config.yml b/config/config.yml
index 1493a0d7f1..1e671260e9 100644
--- a/config/config.yml
+++ b/config/config.yml
@@ -130,7 +130,7 @@ config:
           type: jwt
           challenge: false
           config:
-            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
+            signing_key: "VGhpcyBpcyB0aGUgand0IHNpZ25pbmcga2V5IGZvciBhbiBvbiBiZWhhbGYgb2YgdG9rZW4gYXV0aGVudGljYXRpb24gYmFja2VuZCBmb3IgdGVzdGluZyBvZiBleHRlbnNpb25z"
             jwt_header: "Authorization"
             jwt_url_parameter: null
             jwt_clock_skew_tolerance_seconds: 30
diff --git a/legacy/securityconfig_v6/config.yml b/legacy/securityconfig_v6/config.yml
index d867a72200..f6338c231f 100644
--- a/legacy/securityconfig_v6/config.yml
+++ b/legacy/securityconfig_v6/config.yml
@@ -121,7 +121,7 @@ opendistro_security:
           type: jwt
           challenge: false
           config:
-            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
+            signing_key: "VGhpcyBpcyB0aGUgand0IHNpZ25pbmcga2V5IGZvciBhbiBvbiBiZWhhbGYgb2YgdG9rZW4gYXV0aGVudGljYXRpb24gYmFja2VuZCBmb3IgdGVzdGluZyBvZiBleHRlbnNpb25z"
             jwt_header: "Authorization"
             jwt_url_parameter: null
             roles_key: null
diff --git a/src/test/resources/legacy/securityconfig_v6/config.yml b/src/test/resources/legacy/securityconfig_v6/config.yml
index 19b1fd76cd..38bd8b8605 100644
--- a/src/test/resources/legacy/securityconfig_v6/config.yml
+++ b/src/test/resources/legacy/securityconfig_v6/config.yml
@@ -120,7 +120,7 @@ opendistro_security:
           type: jwt
           challenge: false
           config:
-            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
+            signing_key: "VGhpcyBpcyB0aGUgand0IHNpZ25pbmcga2V5IGZvciBhbiBvbiBiZWhhbGYgb2YgdG9rZW4gYXV0aGVudGljYXRpb24gYmFja2VuZCBmb3IgdGVzdGluZyBvZiBleHRlbnNpb25z"
             jwt_header: "Authorization"
             jwt_url_parameter: null
             roles_key: null
diff --git a/src/test/resources/legacy/securityconfig_v6/migration/config.yml b/src/test/resources/legacy/securityconfig_v6/migration/config.yml
index cd9b2398c9..9f526e89b4 100644
--- a/src/test/resources/legacy/securityconfig_v6/migration/config.yml
+++ b/src/test/resources/legacy/securityconfig_v6/migration/config.yml
@@ -111,7 +111,7 @@ opendistro_security:
           type: jwt
           challenge: false
           config:
-            signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key"
+            signing_key: "VGhpcyBpcyB0aGUgand0IHNpZ25pbmcga2V5IGZvciBhbiBvbiBiZWhhbGYgb2YgdG9rZW4gYXV0aGVudGljYXRpb24gYmFja2VuZCBmb3IgdGVzdGluZyBvZiBleHRlbnNpb25z"
             jwt_header: "Authorization"
             jwt_url_parameter: null
             roles_key: null
diff --git a/src/test/resources/restapi/securityconfig_nondefault.json b/src/test/resources/restapi/securityconfig_nondefault.json
index a3f2a307d6..e70c331c7d 100644
--- a/src/test/resources/restapi/securityconfig_nondefault.json
+++ b/src/test/resources/restapi/securityconfig_nondefault.json
@@ -28,7 +28,7 @@
           "challenge" : false,
           "type" : "jwt",
           "config" : {
-            "signing_key" : "base64 encoded HMAC key or public RSA/ECDSA pem key",
+            "signing_key" : "VGhpcyBpcyB0aGUgand0IHNpZ25pbmcga2V5IGZvciBhbiBvbiBiZWhhbGYgb2YgdG9rZW4gYXV0aGVudGljYXRpb24gYmFja2VuZCBmb3IgdGVzdGluZyBvZiBleHRlbnNpb25z",
             "jwt_header" : "Authorization"
           }
         },
@@ -172,6 +172,7 @@
     "hosts_resolver_mode" : "ip-only",
     "do_not_fail_on_forbidden_empty" : false,
     "on_behalf_of": {
+      "enabled": true,
       "signing_key": "VGhpcyBpcyB0aGUgand0IHNpZ25pbmcga2V5IGZvciBhbiBvbiBiZWhhbGYgb2YgdG9rZW4gYXV0aGVudGljYXRpb24gYmFja2VuZCBmb3IgdGVzdGluZyBvZiBleHRlbnNpb25z",
       "encryption_key": "ZW5jcnlwdGlvbktleQ=="
     }