JWT Key with OpenSSL
These days, I'm working on a JSON Web Token application. This short article focuses only on the key. To generate the token's cryptographic signature, a secret key held on the server is required. For live applications, the key is kept safe in an environment variable (in development, in the appsettings.json file). Some websites will generate such a key for you, but I wouldn't recommend this approach as it is risky.
The most straightforward approach is to use the OpenSSL tool, available for free at this address. The installation process is pretty simple. Afterwards, run the following command in a command prompt:
openssl rand -hex 32
The result looks like the one in the image below.
And that's it. Getting back to work, have a great day!
