How to generate a NextAuth Secret

A practical workflow for generating and using the secret required by NextAuth setups.

Quick answer

In NextAuth, set `NEXTAUTH_SECRET` in `.env.local` and use one value across the whole app. NextAuth uses it to encrypt session JWTs and to hash CSRF tokens, so every server instance must share the same value, otherwise tokens issued by one instance are rejected by another; in production NextAuth will not run without it. Generate it from a cryptographically secure random source, never by typing something yourself.

1. Generate the secret first

You can use devloom’s NextAuth Secret page or a secure random command such as `openssl`. Choose an unpredictable random value: a short or memorable string lets an attacker guess the secret and forge session tokens. The command below draws 32 bytes (256 bits) from the system CSPRNG and prints them as 44 base64 characters.

openssl rand -base64 32

2. Put it in `.env.local`

Store the generated value as `NEXTAUTH_SECRET` and read it only on the server. Next.js exposes only variables prefixed `NEXT_PUBLIC_` to the browser bundle, so never add that prefix to this one and never reference it from client components. Keep `.env.local` in `.gitignore` (create-next-app lists `.env*.local` there by default) so the value never lands in a repository.

NEXTAUTH_SECRET=your-generated-secret

3. Be careful when rotating it

Changing the secret invalidates existing tokens. With the default JWT session strategy, every session token was encrypted under a key derived from the old secret, so after rotation none of them can be decrypted and every user is logged out at once. Before rotating, check the logout impact and the re-login flow so users are not surprised.

  • Do not mix development and production values; a leaked development secret must not be able to forge production sessions
  • Do not change it on every deployment, or every deploy logs out every user
  • Rotate deliberately if you suspect exposure, and tell users to expect a re-login

Related guides