不喜欢广告? 去 无广告 今天
Environment Secrets Generator (.env Values)
开发人员
广告 · 消除?
广告 · 消除?
指导
Environment Secrets Generator
Generate cryptographically secure environment variable values for your .env files. Create JWT secrets, database passwords, API keys, session secrets, and more — all using crypto.getRandomValues() for true randomness. Nothing is sent to any server; everything runs in your browser.
如何使用
Click preset buttons to add common environment variables (JWT_SECRET, DATABASE_PASSWORD, API_KEY, etc.) or add custom variables with your own names. Choose the encoding type (hex, base64, alphanumeric, or alphanumeric with symbols) and length for each variable. Values generate automatically. Copy individual values or the entire .env block with one click. Regenerate individual values or all at once.
特征
- 快速预设 — One-click buttons for JWT_SECRET, DATABASE_PASSWORD, API_KEY, SESSION_SECRET, WEBHOOK_SECRET, ENCRYPTION_KEY, and APP_SECRET with recommended encoding and length defaults.
- Cryptographic Randomness — All values generated using crypto.getRandomValues(), the Web Cryptography API. No pseudo-random shortcuts. Suitable for production use.
- Multiple Encodings — Choose hex, base64, alphanumeric, or alphanumeric+symbols per variable. Base64 values are generated from random bytes then encoded (not random character picking).
- Strength Indicators — Per-variable entropy calculation showing bits of entropy, visual strength bar, and estimated crack time.
- Custom Variables — Add any variable name with custom encoding and length. Build your complete .env file in one place.
- .env Block Output — Full formatted output ready to paste into your .env file. Optional comments above each variable describing the type and encoding.
- 一键复制 — Copy individual values or the entire .env block to clipboard instantly.
- Regenerate Controls — Regenerate individual values or all values at once without changing your variable configuration.
- 100% 客户端 — Nothing leaves your browser. No server requests, no logging, no tracking. Your secrets stay secret.
Are the generated secrets truly secure?
Yes. This tool uses crypto.getRandomValues(), the Web Cryptography API built into all modern browsers. This provides cryptographically strong random numbers from the operating system’s entropy source — the same randomness used for TLS/SSL encryption. The generated values are suitable for production JWT secrets, API keys, database passwords, and any other environment secrets. Nothing is sent to any server; all generation happens entirely in your browser.
What encoding should I use for each secret type?
It depends on the use case. Base64 is ideal for JWT secrets and encryption keys (compact representation of binary data). Hex is good for session secrets and webhook secrets (easy to verify and debug). Alphanumeric works well for API keys and general passwords (no special character issues). Alphanumeric+symbols provides maximum entropy per character for database passwords and master keys. The presets use recommended defaults for each type.
What is entropy and how much do I need?
Entropy measures the randomness (unpredictability) of a secret in bits. More bits = harder to crack. A 128-bit secret has 2^128 possible values — enough to resist brute force even with all the world’s computing power. For reference: 64 hex characters = 256 bits of entropy, 32 alphanumeric characters ≈ 190 bits, 24 alphanumeric+symbols characters ≈ 158 bits. For most applications, 128+ bits of entropy is considered uncrackable. The strength indicator shows entropy for each generated value.
What is a .env file and why do I need one?
A .env file stores environment variables — configuration values that your application needs but shouldn’t be hardcoded in source code. This includes database credentials, API keys, JWT secrets, encryption keys, and service tokens. The .env file is kept out of version control (added to .gitignore) so secrets aren’t exposed in your repository. Frameworks like Node.js (dotenv), Python (python-dotenv), Laravel, and Rails all support .env files. This tool helps you generate secure values for all your environment variables at once.
广告 · 消除?
