I am using the jsonwebtoken module for Node. How can I get a secret key for the jwt.sign function:
jwt.sign(payload, secretOrPrivateKey, [options, callback])
According to the documentation:
secretOrPrivateKey is a string, buffer, or object containing either the secret for HMAC algorithms or the PEM encoded private key for RSA and ECDSA. In case of a private key with passphrase an object { key, passphrase } can be used (based on crypto documentation), in this case be sure you pass the algorithm option.
The key used in the example was 'shhhh', but that probably isn't secure:
var jwt = require('jsonwebtoken');
var token = jwt.sign({ foo: 'bar' }, 'shhhhh');
How can I get/generate a better secret key?
To create "secure" random passwords I like to use: openssl rand -base64 60 on Linux.
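The same idea in Node, as an added example that is not part of the original question or answer: it draws the secret from the OS CSPRNG, rejects keys too short for HS256, and signs and verifies a token with Node's built-in crypto so it runs without jsonwebtoken installed. The function names (generateSecret, loadSecret, signHS256, verifyHS256) are assumptions made for this illustration.

```javascript
// Added example: uses only Node's built-in crypto module, not jsonwebtoken.
const crypto = require('node:crypto');

// Node equivalent of `openssl rand -base64 60`: 60 bytes from the OS CSPRNG.
function generateSecret(bytes = 60) {
  return crypto.randomBytes(bytes).toString('base64');
}

// Decode a base64 secret (for example one read from an environment variable)
// and refuse keys shorter than the 256-bit HS256 hash output (RFC 7518, 3.2).
function loadSecret(base64Secret) {
  const key = Buffer.from(base64Secret, 'base64');
  if (key.length < 32) throw new Error('HS256 secret must be at least 32 bytes');
  return key;
}

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (key, input) => crypto.createHmac('sha256', key).update(input).digest();

// HS256 signing as defined by JWS: HMAC-SHA256 over "header.payload".
function signHS256(payload, key) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${header}.${body}.${b64url(hmac(key, `${header}.${body}`))}`;
}

// Recompute the MAC, compare in constant time, then pin the algorithm.
// Returns the payload object, or null if the token does not verify.
function verifyHS256(token, key) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [header, body, sig] = parts;
  const expected = hmac(key, `${header}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // Only parsed after the MAC check, so both parts were produced by a key holder.
  const { alg } = JSON.parse(Buffer.from(header, 'base64url').toString('utf8'));
  if (alg !== 'HS256') return null;
  return JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
}
```

Since secretOrPrivateKey accepts a buffer, the value returned by loadSecret can be passed to jwt.sign directly; generate the secret once and store it outside the source tree rather than calling generateSecret on every start.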