Random Base64 String Generator

How to use

1. 1️⃣
   Choose your options above
2. 2️⃣
   Click Generate
3. 3️⃣
   Copy your result

Detailed instructions

1. Set the byte length to 32 for standard secrets, or 64 for HMAC-SHA512 keys.
2. Set the count to how many independent strings you need in one batch.
3. Toggle URL-safe to Yes if the string will appear in a URL, filename, or JWT.
4. Click Generate to produce the list of encoded strings.
5. Copy the string you want and paste it directly into your .env file or config.

Use Cases

• •Setting Django SECRET_KEY or Flask secret_key in a production .env file
• •Generating a 64-byte HS512 signing secret for a Node.js JWT authentication service
• •Creating URL-safe password-reset tokens to embed directly in emailed links
• •Pre-seeding a Cypress test suite with distinct 32-byte AES-256 key fixtures
• •Producing webhook signing secrets for Stripe or GitHub payload verification

Tips

• →For .env files, 32 bytes is the sweet spot — long enough to be secure, short enough that most env parsers handle it without line-wrap issues.
• →If your framework checks secret length at startup (e.g., Django warns below 50 characters), use 40 bytes to comfortably clear that threshold.
• →URL-safe mode is always safe to use even when you don't strictly need it — the character set is valid everywhere standard Base64 is.
• →Generate at least three strings when rotating a secret, so you have immediate backups if the first one causes an unexpected conflict.
• →Avoid trimming or shortening the output — each character contributes to entropy, and manually cutting a string can introduce subtle patterns.
• →When using a generated string as a cookie secret, confirm your cookie library handles Base64 characters without additional escaping before deploying.

FAQ