NextAuth Secret Generator

Generate secure AUTH_SECRET and NEXTAUTH_SECRET values for NextAuth.js and Auth.js directly in your browser. No server upload, no storage, fully client-side.


Generate a secret for NextAuth/Auth.js

Use AUTH_SECRET for Auth.js v5 or later, and NEXTAUTH_SECRET for NextAuth.js v4.

.env format

AUTH_SECRET=
In Next.js, add this to .env.local. In production, set the same value in your hosting provider's environment variable settings.

CLI alternatives

If you prefer a command, Auth.js CLI or OpenSSL can generate a similar secret.

npx auth secret
openssl rand -base64 32

What is a NextAuth secret?

It is a random secret key that NextAuth/Auth.js uses to handle cookies, JWTs, and tokens safely. Production apps must configure one.

AUTH_SECRET vs NEXTAUTH_SECRET

AUTH_SECRET is recommended for Auth.js v5 and later. Use NEXTAUTH_SECRET when you are on NextAuth.js v4.

How to use it

Choose the environment variable name, output format, and byte length, then copy the value into .env.local or your production environment variables.
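The steps above, sketched as an added example; this is not this page's own source code. It draws bytes from the Web Crypto CSPRNG, refuses to run without one, and emits the .env line. The function names, the hex option and the 16-byte floor are assumptions made for the illustration.

```javascript
// Added example with hypothetical helper names; not the generator page's own code.
// Web Crypto is global in browsers and recent Node; older Node exposes it via node:crypto.
const cryptoApi = globalThis.crypto ??
  (typeof require === "function" ? require("node:crypto").webcrypto : undefined);

const ENV_NAMES = ["AUTH_SECRET", "NEXTAUTH_SECRET"]; // variable names from the page

function randomBytes(length, api = cryptoApi) {
  // Fail closed: never fall back to Math.random(), whose output is predictable.
  if (!api || typeof api.getRandomValues !== "function") {
    throw new Error("secure random generation is not available");
  }
  // Assumed bounds: 16-byte floor; 65536 is the getRandomValues per-call limit.
  if (!Number.isInteger(length) || length < 16 || length > 65536) {
    throw new RangeError("length must be an integer between 16 and 65536 bytes");
  }
  return api.getRandomValues(new Uint8Array(length));
}

function encode(bytes, format) {
  if (format === "base64") {
    let binary = "";
    for (const b of bytes) binary += String.fromCharCode(b);
    return btoa(binary);
  }
  if (format === "hex") { // hex is an assumed second output format
    return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
  }
  throw new Error(`unsupported format: ${format}`);
}

function generateEnvLine(name = "AUTH_SECRET", format = "base64", length = 32, api = cryptoApi) {
  if (!ENV_NAMES.includes(name)) throw new Error(`unexpected variable name: ${name}`);
  // Same NAME=value shape as the ".env format" output on this page.
  return `${name}=${encode(randomBytes(length, api), format)}`;
}

console.log(generateEnvLine());                            // default: Base64 / 32 bytes
console.log(generateEnvLine("NEXTAUTH_SECRET", "hex", 32)); // NextAuth.js v4 name
```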

Safety notes

The generated secret is created only in this browser. Do not commit it to public repositories; store it in .env.local or production environment variables, and use separate values for development and production when possible.

FAQ

What is a NextAuth secret?

It is a secret random string used by NextAuth.js / Auth.js to protect cookies, JWTs, and tokens.

Should I use AUTH_SECRET or NEXTAUTH_SECRET?

Use AUTH_SECRET for Auth.js v5 or later. Use NEXTAUTH_SECRET for NextAuth.js v4.

Is the generated value sent to a server?

No. Generation happens in your browser and the secret is not uploaded.

Which format should I choose?

When in doubt, keep the default Base64 / 32 bytes setting.

Can I commit it to GitHub?

No. AUTH_SECRET and NEXTAUTH_SECRET are secrets and should not be committed to public repositories.


Safety

Browser-only

Generation and export both stay in the browser.

No upload

Your input is never sent to a server.

No storage

Reloading clears the input and output.