diff --git a/management/cmd/management.go b/management/cmd/management.go
index e15c9aa2c..ab8f9b805 100644
--- a/management/cmd/management.go
+++ b/management/cmd/management.go
@@ -195,7 +195,7 @@ var (
 return fmt.Errorf("failed to build default manager: %v", err)
 }
- turnRelayTokenManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.RelayAddress)
+ turnRelayTokenManager := server.NewTimeBasedAuthSecretsManager(peersUpdateManager, config.TURNConfig, config.RelayConfig)
 trustedPeers := config.ReverseProxy.TrustedPeers
 defaultTrustedPeers := []netip.Prefix{netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")}
@@ -538,6 +538,10 @@ func loadMgmtConfig(ctx context.Context, mgmtConfigPath string) (*server.Config,
 }
 }
+ if loadedConfig.RelayConfig != nil {
+ log.Infof("Relay address: %v", loadedConfig.RelayConfig.Address)
+ }
+
 return loadedConfig, err
 }
diff --git a/management/cmd/management_test.go b/management/cmd/management_test.go
new file mode 100644
index 000000000..ae6ac978f
--- /dev/null
+++ b/management/cmd/management_test.go
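Review bot: The relay address is logged but never checked in the block added to loadMgmtConfig, so a malformed value is accepted at load time and, as the grpcserver.go hunk of this commit shows, forwarded to peers unchanged in `proto.RelayConfig.Urls`. Consider failing fast here, e.g. `if _, err := url.Parse(loadedConfig.RelayConfig.Address); err != nil { return nil, fmt.Errorf("invalid relay address: %w", err) }`, together with a check on the scheme the relay client expects (this needs the `net/url` import). Logging with `%q` instead of `%v` would also make an empty or whitespace-padded address visible in the log. The function body starts outside the hunk.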
@@ -0,0 +1,54 @@
+package cmd
+
+import (
+ "context"
+ "os"
+ "testing"
+)
+
+const (
+ exampleConfig = `{
+ "RelayConfig": {
+ "Address": "rels://relay.stage.npeer.io"
+ },
+ "HttpConfig": {
+ "AuthAudience": "https://stageapp/",
+ "AuthIssuer": "https://something.eu.auth0.com/",
+ "OIDCConfigEndpoint": "https://something.eu.auth0.com/.well-known/openid-configuration"
+ }
+ }`
+)
+
+func Test_loadMgmtConfig(t *testing.T) {
+ tmpFile, err := createConfig()
+ if err != nil {
+ t.Fatalf("failed to create config: %s", err)
+ }
+
+ cfg, err := loadMgmtConfig(context.Background(), tmpFile)
+ if err != nil {
+ t.Fatalf("failed to load management config: %s", err)
+ }
+ if cfg.RelayConfig == nil {
+ t.Fatalf("config is nil")
+ }
+ if cfg.RelayConfig.Address == "" {
+ t.Fatalf("relay address is empty")
+ }
+}
+
+func createConfig() (string, error) {
+ tmpfile, err := os.CreateTemp("", "config.json")
+ if err != nil {
+ return "", err
+ }
+ _, err = tmpfile.Write([]byte(exampleConfig))
+ if err != nil {
+ return "", err
+ }
+
+ if err := tmpfile.Close(); err != nil {
+ return "", err
+ }
+ return tmpfile.Name(), nil
+}
diff --git a/management/server/config.go b/management/server/config.go
index cbc8a4e72..beba239e6 100644
--- a/management/server/config.go
+++ b/management/server/config.go
@@ -32,10 +32,10 @@ const (
 // Config of the Management service
 type Config struct {
- Stuns []*Host
- TURNConfig *TURNConfig
- RelayAddress string
- Signal *Host
+ Stuns []*Host
+ TURNConfig *TURNConfig
+ RelayConfig *RelayConfig
+ Signal *Host
 Datadir string
 DataStoreEncryptionKey string
@@ -72,6 +72,10 @@ type TURNConfig struct {
 Turns []*Host
 }
+type RelayConfig struct {
+ Address string
+}
+
 // HttpServerConfig is a config of the HTTP Management service server
 type HttpServerConfig struct {
 LetsEncryptDomain string
diff --git a/management/server/grpcserver.go b/management/server/grpcserver.go
index 3abcd1ccd..0e42b9f20 100644
--- a/management/server/grpcserver.go
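Review bot: createConfig leaves its temporary file behind on every run and, on the `Write` error path, returns without closing it. Passing `t` in and creating the file under the test's own directory, `tmpfile, err := os.CreateTemp(t.TempDir(), "config.json")`, lets the test framework remove it. The nil check reports `config is nil` although it tests `cfg.RelayConfig`, so `relay config is nil` would be accurate, and comparing the address with the value in exampleConfig would pin the parsing more tightly than a non-empty check. If loadMgmtConfig resolves `OIDCConfigEndpoint` over the network (not visible in this diff), the test would also depend on an external host.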
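Review bot: Replacing the `RelayAddress string` field with `RelayConfig *RelayConfig` changes the key read from the config file, and nothing in this commit handles files that still carry `RelayAddress`. If the file is decoded with encoding/json defaults (the decoder is not visible here), the old key is ignored without error and the management server silently stops handing a relay address to peers after the upgrade. Consider keeping the old field as deprecated and mapping it at load time, `if cfg.RelayConfig == nil && cfg.RelayAddress != "" { cfg.RelayConfig = &RelayConfig{Address: cfg.RelayAddress} }`, or at least logging a warning when the old key is present. The struct continues past the end of the hunk.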
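Review bot: The exported `RelayConfig` type and its `Address` field are added without doc comments, unlike the neighbouring `Config` and `HttpServerConfig`. Suggest `// RelayConfig is a config of the relay service announced by the Management service` above the type, and a field comment stating the expected form, e.g. `// Address is the relay URL handed to peers, for example "rels://host"`. The example form is taken from the test config in this commit, so the accepted schemes should be confirmed before writing them into the comment.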
+++ b/management/server/grpcserver.go
@@ -518,9 +518,9 @@ func toWiretrusteeConfig(config *Config, turnCredentials *TURNRelayToken, relayT
 }
 var relayCfg *proto.RelayConfig
- if config.RelayAddress != "" {
+ if config.RelayConfig != nil && config.RelayConfig.Address != "" {
 relayCfg = &proto.RelayConfig{
- Urls: []string{config.RelayAddress},
+ Urls: []string{config.RelayConfig.Address},
 }
 if relayToken != nil {
diff --git a/management/server/token_mgr.go b/management/server/token_mgr.go
index f5003004b..c84f815e1 100644
--- a/management/server/token_mgr.go
+++ b/management/server/token_mgr.go
@@ -31,12 +31,17 @@ type TimeBasedAuthSecretsManager struct {
 type TURNRelayToken auth.Token
-func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, turnCfg *TURNConfig, relayAddress string) *TimeBasedAuthSecretsManager {
+func NewTimeBasedAuthSecretsManager(updateManager *PeersUpdateManager, turnCfg *TURNConfig, relayConfig *RelayConfig) *TimeBasedAuthSecretsManager {
+
+ var relayAddr string
+ if relayConfig != nil {
+ relayAddr = relayConfig.Address
+ }
 return &TimeBasedAuthSecretsManager{
 mux: sync.Mutex{},
 updateManager: updateManager,
 turnCfg: turnCfg,
- relayAddr: relayAddress,
+ relayAddr: relayAddr,
 hmacToken: auth.NewTimedHMAC(turnCfg.Secret, turnCfg.CredentialsTTL.Duration),
 cancelMap: make(map[string]chan struct{}),
 }
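Review bot: The new guard makes a nil `relayConfig` safe, but `turnCfg` is still dereferenced unconditionally a few lines below in `auth.NewTimedHMAC(turnCfg.Secret, turnCfg.CredentialsTTL.Duration)`. A config that sets RelayConfig and omits TURNConfig, which is the shape of exampleConfig in management_test.go, would panic in this constructor if it gets this far. Because the signature returns no error, the handling is a design decision; at minimum state the contract in a doc comment such as `// NewTimeBasedAuthSecretsManager creates the secrets manager; turnCfg must be non-nil, relayConfig may be nil`, and have the caller in management.go reject a nil TURNConfig before calling. The added blank line directly after the opening brace is stray, and the function's closing brace lies outside the hunk.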