JWT Secret Generator
Generate a strong JWT signing secret (Base64URL). All values are generated on your device using a cryptographically secure random generator — nothing is sent to a server.
Everything runs in your browser. Your data is never sent to our servers.
Example
Example Input
(click Generate)
Example Output
k7Q-9Zr…(Base64URL)
How to Use
- 1Open "More settings" to adjust parameters (e.g. size/length) if needed.
- 2Click the Generate button.
- 3Copy the result with the Copy button.
About JWT Secret
JWTs signed with HS256 require a strong, random secret. A weak secret lets tokens be forged — one of the most common JWT security mistakes.
This tool creates a random secret (default 32 bytes) and encodes it as a Base64URL string that is safe to use in environment variables and configs.
Keep this secret as a server-side secret. To create/sign tokens use the JWT tool; to verify, use JWT Verifier with the same secret.
FAQ
Are my data or keys sent to a server?
No. JWT Secret runs entirely in your browser using the Web Crypto API and client-side libraries. Your data, passwords, and keys never leave your device.