diff --git a/openedx/core/djangoapps/api_admin/utils.py b/openedx/core/djangoapps/api_admin/utils.py index 93aab74c05..57393b3108 100644 --- a/openedx/core/djangoapps/api_admin/utils.py +++ b/openedx/core/djangoapps/api_admin/utils.py @@ -1,5 +1,8 @@ """ Course Discovery API Service. """ +from django.conf import settings + from edx_rest_api_client.client import EdxRestApiClient +from openedx.core.djangoapps.theming import helpers from openedx.core.lib.token_utils import get_id_token from provider.oauth2.models import Client @@ -9,7 +12,8 @@ CLIENT_NAME = 'course-discovery' def course_discovery_api_client(user): """ Returns a Course Discovery API client setup with authentication for the specified user. """ course_discovery_client = Client.objects.get(name=CLIENT_NAME) + secret_key = helpers.get_value('JWT_AUTH', settings.JWT_AUTH)['JWT_SECRET_KEY'] return EdxRestApiClient( course_discovery_client.url, - jwt=get_id_token(user, CLIENT_NAME) + jwt=get_id_token(user, CLIENT_NAME, secret_key=secret_key) ) diff --git a/openedx/core/lib/token_utils.py b/openedx/core/lib/token_utils.py index 13aca508b5..9172e4d956 100644 --- a/openedx/core/lib/token_utils.py +++ b/openedx/core/lib/token_utils.py @@ -11,7 +11,7 @@ from provider.oauth2.models import Client from student.models import UserProfile, anonymous_id_for_user -def get_id_token(user, client_name): +def get_id_token(user, client_name, secret_key=None): """Construct a JWT for use with the named client. The JWT is signed with the named client's secret, and includes the following claims: @@ -31,6 +31,8 @@ def get_id_token(user, client_name): Arguments: user (User): User for which to generate the JWT. client_name (unicode): Name of the OAuth2 Client for which the token is intended. + secret_key (str): Optional secret key for signing the JWT. Defaults to the configured client secret + if not provided. Returns: str: the JWT 
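Review bot: In the second hunk of api_admin/utils.py, `helpers.get_value('JWT_AUTH', settings.JWT_AUTH)['JWT_SECRET_KEY']` indexes whatever dict the override returns, so a site-level `JWT_AUTH` that omits `JWT_SECRET_KEY` would raise `KeyError` on every call rather than falling back to the platform key. Reading it defensively keeps the fallback: `secret_key = helpers.get_value('JWT_AUTH', settings.JWT_AUTH).get('JWT_SECRET_KEY') or settings.JWT_AUTH['JWT_SECRET_KEY']`. The change also moves signing from the per-client OAuth2 secret to a value that, presumably, anyone able to edit the site configuration can set. Write access to that configuration should therefore be treated as equivalent to holding the signing key. A comment such as `# Signed with the site JWT secret; the discovery service must verify with the same key` would record that.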
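Review bot: The docstring summary of `get_id_token` in token_utils.py still reads "The JWT is signed with the named client's secret" (context line of the first hunk), which is no longer accurate once a caller passes `secret_key`. The Arguments entry added in the second hunk documents the parameter but not the change in who can verify the token. I would reword the summary to `The JWT is signed with secret_key when one is given, otherwise with the named client's secret` and add a sentence that the recipient must hold the same key. The docstring continues outside both hunks.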
@@ -64,7 +66,10 @@ def get_id_token(user, client_name):
 'sub': anonymous_id_for_user(user, None),
 }
- return jwt.encode(payload, client.client_secret)
+ if secret_key is None:
+ secret_key = client.client_secret
+
+ return jwt.encode(payload, secret_key)
 def get_asymmetric_token(user, client_id):
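Review bot: The fallback `if secret_key is None:` lets an empty string through to `jwt.encode(payload, secret_key)`. Depending on the PyJWT version, that signs the token with an empty HMAC key instead of raising. A blank or misconfigured `JWT_SECRET_KEY` would then produce tokens whose signature protects nothing, with no error at the point of issue. Rejecting it explicitly after the fallback closes that gap: `if not secret_key: raise ValueError('JWT signing key is empty')`. The call also leaves the algorithm implicit; passing `algorithm='HS256'` (if that is what the consumer expects) would make the contract visible. `get_id_token`'s body starts outside this hunk.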