>_
Sign inSign up

// SECRET_KEY_USE_CASE

Generate a NextAuth Secret

NextAuth and Auth.js use a secret to encrypt tokens, sign cookies, and protect authentication state. A stable production secret is required for reliable sessions.

Open Secret Key Generator Test HMAC signatures

Recommended Variable

AUTH_SECRET="..."

Recommended Format

Base64URL, 64 characters

How to do it

  1. STEP_01 Open the Secret Key Generator and choose the NextAuth/Auth.js preset.
  2. STEP_02 Generate a 64-character Base64URL secret.
  3. STEP_03 Copy it as AUTH_SECRET or NEXTAUTH_SECRET depending on your framework version.
  4. STEP_04 Save it in your deployment provider environment variables before deploying.

FAQ

Should I use AUTH_SECRET or NEXTAUTH_SECRET?

Auth.js commonly uses AUTH_SECRET. Older NextAuth setups often use NEXTAUTH_SECRET. Match the variable name expected by your installed version.

Can the secret change on every deploy?

No. Production auth secrets should stay stable. Changing them can invalidate sessions and token encryption.