diff --git a/jwt.go b/jwt.go
index 9282f62..e1250b0 100644
--- a/jwt.go
+++ b/jwt.go
@@ -282,7 +282,11 @@ func (jwtPlugin *JwtPlugin) ParseKeys(certificates []string) error {
 		} else if u, err := url.ParseRequestURI(certificate); err == nil {
 			jwtPlugin.jwkEndpoints = append(jwtPlugin.jwkEndpoints, u)
 		} else {
-			return fmt.Errorf("Invalid configuration, expecting a certificate, public key or JWK URL")
+			// Allow HS* shared secret to be supplied directly via `keys`
+			// Store raw string bytes as HMAC key
+			secretBytes := []byte(certificate)
+			jwtPlugin.keys[strconv.Itoa(len(jwtPlugin.keys))] = secretBytes
+			continue
 		}
 	}
 	return nil