diff --git a/kubectl-plugin/common/installer.go b/kubectl-plugin/common/installer.go
index a97b73c..10ef8d0 100644
--- a/kubectl-plugin/common/installer.go
+++ b/kubectl-plugin/common/installer.go
@@ -10,17 +10,23 @@ type KSInstallerSpec struct {
 	Version        string
 	ImageNamespace string
 
-	Servicemesh   ComponentStatus
-	Openpitrix    ComponentStatus
-	Notification  ComponentStatus
-	NetworkPolicy ComponentStatus
-	MetricsServer ComponentStatus
-	Logging       ComponentStatus
-	Events        ComponentStatus
-	DevOps        ComponentStatus
-	Auditing      ComponentStatus
-	Alerting      ComponentStatus
-	Multicluster  Multicluster `yaml:"multicluster"`
+	Authentication Authentication `yaml:"authentication"`
+	Servicemesh    ComponentStatus
+	Openpitrix     ComponentStatus
+	Notification   ComponentStatus
+	NetworkPolicy  ComponentStatus
+	MetricsServer  ComponentStatus
+	Logging        ComponentStatus
+	Events         ComponentStatus
+	DevOps         ComponentStatus
+	Auditing       ComponentStatus
+	Alerting       ComponentStatus
+	Multicluster   Multicluster `yaml:"multicluster"`
+}
+
+// Authentication represents the Authentication of KubeSphere
+type Authentication struct {
+	JwtSecret string `yaml:"jwtSecret"`
 }
 
 // ComponentStatus is a common status
diff --git a/kubectl-plugin/config/cluster.go b/kubectl-plugin/config/cluster.go
index fd86c67..a80c5ef 100644
--- a/kubectl-plugin/config/cluster.go
+++ b/kubectl-plugin/config/cluster.go
@@ -105,6 +105,9 @@ func (o *clusterOption) showClusterRole() (err error) {
 		installer := common.KSInstaller{}
 		if err = yaml.Unmarshal(yamlData, &installer); err == nil {
 			fmt.Printf("cluster role: %s\n", installer.Spec.Multicluster.ClusterRole)
+			if installer.Spec.Multicluster.ClusterRole == "member" {
+				fmt.Printf("host cluster jwtSecret: %s\n", installer.Spec.Authentication.JwtSecret)
+			}
 		}
 	}
 
@@ -117,7 +120,7 @@ func (o *clusterOption) showClusterRole() (err error) {
 
 		cfg := kubeSphereConfig{}
 		if err = yaml.Unmarshal([]byte(fmt.Sprintf("%v", kubeSphereCfg)), &cfg); err == nil {
-			fmt.Printf("jwtSecret: %s\n", cfg.Authentication.JwtSecret)
+			fmt.Printf("current jwtSecret: %s\n", cfg.Authentication.JwtSecret)
 		}
 	}
 	return