100% client-side — verify in your network tab

Random Base64 Secret Generator

Random secrets encoded as base64 or URL-safe base64url.

$ openssl rand -base64 32

Base64 vs base64url

Base64 packs 6 bits into each character, making it ~33% denser than hex: 32 random bytes fit in 43 characters instead of 64. Standard base64 uses + and / plus = padding — characters that break URLs, filenames and some config parsers. base64url (RFC 4648 §5) swaps them for - and _ and drops the padding, which is why it's the default here and the encoding JWTs themselves use.

Where you'd use one

Random base64 strings are the conventional format for many framework secrets: NextAuth/Auth.js AUTH_SECRET, cookie-session keys, Laravel's APP_KEY (base64-prefixed), or any place documentation says openssl rand -base64 32. This page generates the same thing — 16 to 128 bytes from your browser's CSPRNG, encoded in the variant you pick.

Entropy comes from bytes, not characters

A secret's strength is the number of random bytes behind it, not its printed length. 32 bytes carry 256 bits of entropy whether shown as 64 hex characters or 43 base64 characters. Everything is generated locally with crypto.getRandomValues(); nothing is transmitted or stored.

Nothing leaves your browser

More free generators