JWT Secret Generator

JWT Secret Generator is a free online tool for creating cryptographically secure JWT signing secrets using the browser's CSPRNG. Choose from four formats — Hex, Base64, Base64URL, or alphanumeric — adjust the length from 16 to 128 characters, generate up to 100 secrets in one batch, and see the entropy in bits for every setting.

Secrets are generated entirely in your browser: they never travel over the network and are never stored, no sign-up required. Ideal for developers who need strong random secrets for JWT signing, API tokens, or session keys, with one-click copy-all and export to a text file.

How to Use

  1. Choose a secret format (Hex, Base64, Base64URL, or alphanumeric)
  2. Drag the slider to set the length (16-128 characters)
  3. Set how many to generate (1-100) and click Generate
  4. Copy individual secrets, copy all at once, or export as a .txt file

FAQ

Is this JWT secret generator free?

Yes, it is completely free with no registration required and no limit on how many secrets you generate.

Are the generated secrets secure? Are they logged?

Yes, they are secure, and no, they are never logged. Secrets are generated locally using the browser's cryptographic random number API (crypto.getRandomValues) and never cross the network — SodaTool cannot see or store them.

How long should my secret be?

For HS256 signing, use a secret with at least 256 bits of entropy (32 bytes). The tool defaults to 64 characters and displays the entropy live — pick any combination showing 256 bits or more.

What is the difference between the four formats?

Hex uses only 0-9 and a-f for maximum compatibility; Base64 includes + and /; Base64URL swaps those for - and _, making it safe for URLs and environment variables; alphanumeric uses only A-Z, a-z, and 0-9, ideal for config files sensitive to special characters.

Comments

Log in to post a comment