Skip to main content

Env Secrets Generator

Generate cryptographically random secrets for your .env variables — hex, Base64, alphanumeric, or alphanumeric + symbols, at any length. Produces ready-to-paste KEY=value lines. Generated in your browser and never transmitted.

Input

One variable name per line. Each gets its own random secret.

Characters per secret, 8-256. 32+ is recommended.

Output

.env output
 

Paste into your .env file. Keep these values secret — never commit them.

Estimated entropy and average brute-force time per secret.

Was this helpful?

Guides

The Env Secrets Generator creates strong, cryptographically random values for the secret variables in your .env file — things like JWT_SECRET, DATABASE_PASSWORD, SESSION_SECRET, and API_KEY. Instead of typing "changeme" or reusing an old key, you get unpredictable, high-entropy secrets in the exact format your framework expects, ready to paste straight into a .env file.

How to use it

  1. List your variable names in the text box, one per line. The tool ships with a few common defaults you can edit.
  2. Pick a secret format: Base64, Hex, Alphanumeric, or Alphanumeric + symbols.
  3. Set the secret length — 32 characters or more is recommended for anything security-sensitive.
  4. Optionally turn on comments to annotate each variable with its format and length.
  5. Click Generate secrets. Copy the output or download it as a .env file.

Every variable gets its own independent random value, so no two secrets ever match.

Which format should I pick?

  • Base64 — compact and dense; a great default for signing keys and tokens (e.g. JWT_SECRET, ENCRYPTION_KEY).
  • Hex — lowercase 0-9a-f, easy to read and copy without escaping. Common for webhook and session secrets.
  • Alphanumeric — letters and digits only, safe in URLs, shells, and config files that dislike special characters.
  • Alphanumeric + symbols — the widest alphabet and highest entropy per character; ideal for database passwords.

How strong are the generated secrets?

The Strength readout estimates the entropy of each secret as length × log₂(alphabet size) and shows the average time to brute-force it at 10 billion guesses per second. As a rule of thumb, aim for at least 128 bits of entropy for production secrets — a 32-character Base64 value already clears that comfortably.

Are these secrets cryptographically secure?

Yes. Values are drawn from a cryptographically secure pseudo-random number generator (the same CSPRNG your browser and Node.js expose), not from Math.random(). Character selection uses rejection sampling, so every character in the chosen alphabet is equally likely — there is no modulo bias skewing the output.

Can I generate a single key instead of a whole file?

Absolutely — just enter one variable name. The output is still a KEY=value line, which you can copy on its own.

Privacy

This tool runs entirely in your browser. Your variable names and every generated secret are produced locally and never sent to a server, logged, or stored. Refresh the page and they are gone. Because the secrets never leave your machine, it is safe to use them for real production credentials — though you should still store the final values in a proper secrets manager rather than committing them to source control.

envdotenvsecretsecretskeytokenpasswordrandomgeneratorcrypto

Love the tools? Lose the ads.

One payment clears every ad from your account, for good. No subscription, no tracking.