
Generate a JWT Secret

JWT secrets are used to sign and verify tokens. Weak or reused secrets can let attackers forge tokens, so use a long random value and store it securely.

Recommended Variable

JWT_SECRET="..."

Recommended Format

Base64URL, 64 characters

How to do it

  1. Open the Secret Key Generator and choose the JWT Secret preset.
  2. Generate a 64-character Base64URL value for symmetric JWT signing.
  3. Store the value as JWT_SECRET in your API environment.
  4. Use the same secret only for services that must verify the same tokens.
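The same steps done locally with the Python standard library, as an added example (not code from this page or from the generator tool): it draws 48 random bytes, which encode to exactly 64 Base64URL characters, reads the value from JWT_SECRET, and signs and verifies an HS256 token. The function names are hypothetical, and claim checks such as expiry are left out.

```python
import base64, hashlib, hmac, json, os, secrets

def generate_jwt_secret() -> str:
    # 48 random bytes encode to exactly 64 Base64URL characters, no padding.
    return secrets.token_urlsafe(48)

def load_secret(env=os.environ) -> str:
    # The secret comes from the server environment, never from source code.
    secret = env.get("JWT_SECRET", "")
    if len(secret) < 64:
        raise RuntimeError("JWT_SECRET missing or shorter than 64 characters")
    return secret

def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def hs256_mac(signing_input: str, secret: str) -> bytes:
    # The 64-character string itself is used as the HMAC key bytes.
    return hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()

def sign_hs256(claims: dict, secret: str) -> str:
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url_encode(hs256_mac(signing_input, secret))

def verify_hs256(token: str, secret: str) -> dict:
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier; never trust the token's own header.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hs256_mac(f"{header_b64}.{payload_b64}", secret)
    if not hmac.compare_digest(signature, expected):  # constant-time compare
        raise ValueError("bad signature")
    return json.loads(b64url_decode(payload_b64))

if __name__ == "__main__":
    demo_secret = generate_jwt_secret()  # constructed value, for the demo only
    demo_token = sign_hs256({"sub": "user-1"}, demo_secret)
    print(len(demo_secret), verify_hs256(demo_token, demo_secret))
```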

FAQ

Is this for HS256 or RS256 JWTs?

Use this for symmetric algorithms such as HS256 and HS512. RS256 uses a private/public key pair instead of one shared secret.

Can I put a JWT secret in frontend code?

No. JWT signing secrets belong on the server. Frontend code can read public tokens but must never contain signing secrets.