Password & Token Generator

Configure length and character sets, then generate one or more passwords. Avoid ambiguous characters for easier manual typing when needed.

Advanced password policy

Minimum lowercase Minimum uppercase Minimum digits Minimum symbols Max length Excluded symbols Required symbols set

Composition rules are optional. Prefer longer randomly generated passwords or passphrases when possible.

Generate random tokens for API keys, test IDs or session values. Choose hex, Base62 or a custom character set.

Generate memorable passphrases from a built-in safe wordlist. No wordlist is fetched remotely.

Generate random integers between a minimum and maximum value. Useful for test data and sampling.

Generate short numeric test codes. Short PINs are suitable only with rate limiting and expiration.

Export the latest generated values as lines, CSV, JSON, `.env`, Java properties, Postman environment JSON, Kubernetes Secret YAML, or a masked report.

• Values are generated locally in your browser using `crypto.getRandomValues()`.
• If browser cryptographic randomness is unavailable, this tool fails instead of using `Math.random()`.
• Use a password manager for real passwords and do not reuse passwords.
• Use byte-length random tokens for API secrets, HMAC keys, JWT HS secrets, OAuth state, nonce, and reset tokens.
• Short PINs need rate limiting and expiration. Do not use short PINs as long-lived secrets.
• Composition rules are less important than sufficient length and randomness.
• Generated secrets are not stored by this page by default. Do not share raw secrets in screenshots, chats, or links.

Share safety: encrypted share links can include visible page outputs. Use the masked report/export when you need to document settings without exposing values.

Generate a value, then choose a handoff. Raw secret handoffs require an explicit click.