Seven things it does carefully.
Five presets
Strong Password (16), API Key (32), Hex String (64), PIN Code (6 digits), Readable Code (no ambiguous characters). Pick and go.
Customisable charset
Toggle uppercase, lowercase, digits, symbols. Compose your own pool when the presets don't fit.
Length 1 – 100
From 4-digit PIN to a 100-character secret. Set the length once; the generator obeys.
Per-class minimums
Enforce "at least 2 digits" or "at least 1 symbol" — the kind of rule strict password policies still require.
Bulk generation
Up to 20 strings per click. Output as a list, copy individually or all at once.
Rejection sampling
Drawing from SecRandomCopyBytes with rejection sampling eliminates modulo bias — every character has equal probability.
State persistence
Length, charset, and rule preferences stick across sessions.
Four moves to a fresh secret.
Pick a preset
Or choose "custom" and toggle character classes by hand.
Set length and rules
Length, plus minimum counts per class if you need them.
Generate
One string or twenty. Sub-second, even at 100 characters × 20.
Copy
One-click copy on each, or "copy all" for the whole list.
The work it actually does.
Strong passwords
Generate one for the user account you're creating; remember to store it somewhere.
Secret keys
Mint API keys, service tokens, and webhook secrets with the right entropy.
Test fixtures
Bulk-generate IDs, slugs, and tokens for seed scripts.
OAuth state
Generate state and nonce values for OAuth flows.
Readable codes
The Readable preset omits ambiguous characters — useful when humans will read or type the result.
HMAC keys
Generate hex strings of the right length for HMAC-256/384/512 secrets.
Things people ask before they download.
Where does the randomness come from?
From SecRandomCopyBytes, the macOS CSPRNG. Suitable for passwords, API keys, and security tokens.
Is there modulo bias?
No. The generator uses rejection sampling — drawing more bytes than strictly needed and discarding values that would skew the distribution.
What's in each preset?
Strong Password: 16 chars, all classes. API Key: 32 chars, alphanumeric. Hex String: 64 hex chars. PIN: 6 digits. Readable: no 0/O, 1/l/I, etc.
Can I enforce minimums per class?
Yes. Toggle "at least N digits / uppercase / symbols" — the generator re-rolls until the constraint is met (or warns if the constraint is impossible for the chosen length).
How many at once?
Up to 20 per generation. The whole list copies in one click.
Are generated strings stored?
Only in your local session, until you regenerate. Nothing leaves your machine.