> For the complete documentation index, see [llms.txt](https://docs.uibakery.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.uibakery.io/on-premise/install-and-update/recommendations/generate-custom-secrets.md).

# Generating custom secrets

If you want to generate custom secrets values, you can do this right from your console using a simple command.

You can use the `openssl` command (commonly available on many Unix-based systems) combined with `tr` and `head` commands. Here's how you can do it for each of your requirements:

<pre class="language-bash"><code class="lang-bash"># For UI_BAKERY_JWT_SECRET
openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 42; echo
# For UI_BAKERY_JWT_SERVICE_ACCOUNT_SECRET
openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 55; echo
# For UI_BAKERY_JWT_REFRESH_SECRET
openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 42; echo
# For UI_BAKERY_CREDENTIALS_SECRET
openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 32; echo
# For UI_BAKERY_MFA_SECRET
openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 32; echo
# For UI_BAKERY_PROJECT_PRIVATE_KEY_SECRET
<strong>openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 32; echo
</strong># For UI_BAKERY_AUTH_DEVICE_INFO_SECRET
openssl rand -base64 100 | tr -dc 'A-Z0-9' | head -c 32; echo
</code></pre>

Alternatively, you can also use `urandom` to generate secrets:

```bash
# For UI_BAKERY_JWT_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 42 | xargs -0)
# For UI_BAKERY_JWT_SERVICE_ACCOUNT_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 55 | xargs -0)
# For UI_BAKERY_JWT_REFRESH_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 42 | xargs -0)
# For UI_BAKERY_CREDENTIALS_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 32 | xargs -0)
# For UI_BAKERY_MFA_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 32 | xargs -0)
# For UI_BAKERY_PROJECT_PRIVATE_KEY_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 32 | xargs -0)
# For UI_BAKERY_AUTH_DEVICE_INFO_SECRET
echo $(LC_ALL=C tr -cd "A-Za-z0-9" < /dev/urandom | head -c 32 | xargs -0)
```

If your installation requires **asymmetric** JWT signing, you can use RSA key pairs instead. UI Bakery supports separate RSA key pairs for access tokens, refresh tokens, and service account tokens.

Generate the keys:

```bash
# For UI_BAKERY_JWT_ACCESS_PRIVATE_KEY
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out jwt_access_private_key.pem
# For UI_BAKERY_JWT_ACCESS_PUBLIC_KEY
openssl rsa -pubout -in jwt_access_private_key.pem -out jwt_access_public_key.pem

# For UI_BAKERY_JWT_REFRESH_PRIVATE_KEY
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out jwt_refresh_private_key.pem
# For UI_BAKERY_JWT_REFRESH_PUBLIC_KEY
openssl rsa -pubout -in jwt_refresh_private_key.pem -out jwt_refresh_public_key.pem

# For UI_BAKERY_JWT_SERVICE_ACCOUNT_PRIVATE_KEY
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out jwt_service_account_private_key.pem
# For UI_BAKERY_JWT_SERVICE_ACCOUNT_PUBLIC_KEY
openssl rsa -pubout -in jwt_service_account_private_key.pem -out jwt_service_account_public_key.pem
```


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.uibakery.io/on-premise/install-and-update/recommendations/generate-custom-secrets.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.