Actually I’ve just found this in the documentation.
However, the start script allows you to pass the secret as the parameter -s. This parameter is actually being taken into account when generating the token for the broadcaster. I don’t get why it is not being used for generating viewers tokens.