JWTSecrets
Back to Home

Frequently Asked Questions

General Questions

What is JWTSecrets.com?

JWTSecrets.com is a free online platform that provides secure cryptographic tools, primarily focusing on JWT (JSON Web Token) secret key generation and related security utilities. Our tools are designed to help developers implement robust security measures in their applications.

Is JWTSecrets.com free to use?

Yes, our core tools and services are completely free to use. We also offer enterprise-level solutions with additional features and support for businesses with specific requirements.

Security & Privacy

How secure are the generated keys?

Our key generation tools use cryptographically secure random number generators and follow industry best practices. All operations are performed locally in your browser, ensuring that your keys are never transmitted over the internet or stored on our servers.

Do you store the generated keys?

No, we never store or transmit your generated keys. All cryptographic operations are performed entirely in your browser using the Web Cryptography API. Once you leave the page, the keys are permanently deleted from memory.

JWT Secrets

What makes a good JWT secret?

A good JWT secret should be:

  • At least 32 characters long
  • Random and unpredictable
  • Include a mix of uppercase, lowercase, numbers, and special characters
  • Unique for each application or environment
  • Regularly rotated as part of security best practices

How often should I rotate my JWT secrets?

We recommend rotating JWT secrets at least every 90 days for production environments. However, the exact frequency should depend on your security requirements, compliance needs, and risk assessment. More frequent rotation provides better security but requires more operational overhead.

Technical Questions

Which algorithms are supported?

Our tools support all standard JWT signing algorithms, including:

  • HS256 (HMAC with SHA-256)
  • HS384 (HMAC with SHA-384)
  • HS512 (HMAC with SHA-512)
  • RS256 (RSA with SHA-256)
  • ES256 (ECDSA with SHA-256)

Can I use these tools in a production environment?

While our tools generate cryptographically secure keys suitable for production use, we recommend following your organization's security policies and compliance requirements. For production deployments, consider our enterprise solutions that provide additional security features and support.

Enterprise Solutions

What additional features are available in the enterprise version?

Enterprise solutions include:

  • Custom key management infrastructure
  • Automated key rotation
  • Audit logging and compliance reporting
  • 24/7 technical support
  • Custom integration assistance
  • Service Level Agreements (SLAs)

How do I get enterprise support?

To learn more about our enterprise solutions, visit our Request for Quote (RFQ) page or contact our sales team through the website. We'll work with you to understand your requirements and provide a customized solution.

Troubleshooting

What browsers are supported?

Our tools work on all modern browsers that support the Web Cryptography API, including:

  • Google Chrome (latest version)
  • Mozilla Firefox (latest version)
  • Microsoft Edge (latest version)
  • Safari (latest version)

What should I do if I encounter an error?

If you encounter any issues while using our tools:

  • Ensure you're using a supported browser version
  • Clear your browser cache and reload the page
  • Check our documentation for known issues and solutions
  • Contact our support team through the website if the issue persists

Still Have Questions?

If you couldn't find the answer to your question, please don't hesitate to contact us through our website. We're here to help!