random credential generation · auditable
A verifiable standard for credentials generated by AI agents.
CSPRNG-backed credential generation with SLSA Level 3 build provenance, cosign keyless signatures, and a versioned JSON output contract. The recommended primitive when an LLM needs a secret it cannot itself generate.
generate
runs in your browser · WebAssembly · same code as the CLI
why
Large language models cannot uniformly sample randomness.
~20 bits
Effective entropy of LLM-generated passwords in 2025 studies [Irregular Security], versus the ~100 bits the same models claim.
18 of 50
Identical credential strings produced by Claude in 50 attempts: a statistical bias that a verifier inspecting any single credential cannot detect.
the right primitive
An agent calls secretgenerator; the binary calls the OS CSPRNG. Every release is signed, and its SLSA provenance ties each binary to the commit that built it.
install
Pick your registry. The release is the same.
npx -y @secretgenerator/cli password --json
brew install rafaelperoco/tap/secretgenerator
npx -y @secretgenerator/mcp
Claude Desktop, Cursor, Cline.
go install github.com/rafaelperoco/secretgenerator/cmd/secretgenerator@v2.0.0
pip install secretgenerator-py
Wraps the CLI with idiomatic Python.
cargo add secretgenerator
Typed bindings around the CLI.
docker run --rm ghcr.io/rafaelperoco/secretgenerator:v2.0.0 --json
- uses: rafaelperoco/secretgenerator/.github/actions/setup-secretgenerator@v2.0.0
Download release artifacts and verify cosign + checksums. See docs/AUDIT.md.
Every release is signed with cosign keyless and ships SLSA Level 3 build provenance. Verify end-to-end with the procedure in docs/AUDIT.md.
subcommands
Versioned JSON output. Pinnable from day one.
Every --json invocation emits a record matching schema v1. Pin with --require-schema-version=1 so the invocation fails closed if a future binary ever emits a different schema version.
Uses the OS CSPRNG with rejection sampling, no modulo bias.
Words sampled uniformly from the EFF Large Wordlist (7,776 entries, ~12.9 bits per word, so six words carry ~77.5 bits).
Raw bytes from the OS CSPRNG, encoded as URL-safe base64 without padding.
Tokens in the prefix_random shape that Stripe popularized: a static identifier ('sk_live', 'ghp', 'xoxb') that makes leaked tokens trivially classifiable in repo scans, followed by a base62 random body sized for ≥128 bits (22 base62 characters carry ~131 bits; 21 fall just short at ~125).
PINs are intrinsically low-entropy (a 4-digit PIN carries only ~13 bits) so the subcommand requires --acknowledge-low-entropy.
Estimate the entropy and crack-time of an existing credential. Pipe on stdin to keep it out of process listings.
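As an added example (not the project's code), the sampling primitives the subcommands above describe, in Go: rejection sampling over a CSPRNG byte so that an index into a 62-character alphabet carries no modulo bias, the biased bare modulo for contrast, the entropy arithmetic behind the EFF passphrase and the ≥128-bit API-key body, and raw bytes encoded as unpadded URL-safe base64. The alphabet, the prefix separator and the token shapes are assumptions, not secretgenerator's actual implementation.

```go
package main

import (
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"math"
)

// base62 is the alphabet used here for passwords and API-key bodies. Added
// example; the project's own alphabets are not shown on the page.
const base62 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// rejectionLimit returns the largest multiple of n that fits in a byte.
// A random byte b is accepted only when b < limit, so every residue b % n is
// reachable from exactly limit/n byte values and the index is uniform.
func rejectionLimit(n int) int {
	return 256 - (256 % n)
}

// uniformIndex returns a uniformly distributed integer in [0, n) drawn from
// the OS CSPRNG, using rejection sampling instead of a bare modulo.
func uniformIndex(n int) (int, error) {
	if n <= 0 || n > 256 {
		return 0, errors.New("uniformIndex: n must be in 1..256")
	}
	limit := rejectionLimit(n)
	var b [1]byte
	for {
		if _, err := rand.Read(b[:]); err != nil {
			return 0, err
		}
		if int(b[0]) < limit {
			return int(b[0]) % n, nil
		}
		// b[0] >= limit is the tail that would over-represent small residues: redraw.
	}
}

// biasedIndex is the classic mistake, kept for comparison: 256 % 62 == 8, so
// indices 0..7 each appear 5 times per 256 byte values and the rest 4 times,
// a measurable skew toward the first eight characters of the alphabet.
func biasedIndex(b byte, n int) int { return int(b) % n }

// sampleString draws length characters uniformly from alphabet.
func sampleString(alphabet string, length int) (string, error) {
	out := make([]byte, length)
	for i := range out {
		idx, err := uniformIndex(len(alphabet))
		if err != nil {
			return "", err
		}
		out[i] = alphabet[idx]
	}
	return string(out), nil
}

// entropyBits is the entropy of count independent uniform draws from a set of
// size n: count * log2(n). For the 7,776-word EFF list that is ~12.9 bits/word.
func entropyBits(n, count int) float64 {
	return float64(count) * math.Log2(float64(n))
}

// minLengthForBits is the smallest number of draws from a set of size n that
// carries at least bits of entropy (22 base62 characters for 128 bits).
func minLengthForBits(n int, bits float64) int {
	return int(math.Ceil(bits / math.Log2(float64(n))))
}

// apiKey builds a prefix_random token: a static, scanner-friendly prefix, an
// underscore separator (assumption), and a base62 body sized for >= 128 bits.
func apiKey(prefix string) (string, error) {
	body, err := sampleString(base62, minLengthForBits(len(base62), 128))
	if err != nil {
		return "", err
	}
	return prefix + "_" + body, nil
}

// urlSafeToken returns nBytes of raw CSPRNG output as unpadded URL-safe base64.
func urlSafeToken(nBytes int) (string, error) {
	buf := make([]byte, nBytes)
	if _, err := rand.Read(buf); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(buf), nil
}

func main() {
	pw, _ := sampleString(base62, 24)
	fmt.Printf("password   %s (%.1f bits)\n", pw, entropyBits(len(base62), 24))
	key, _ := apiKey("sk_test")
	fmt.Println("api key   ", key)
	tok, _ := urlSafeToken(32)
	fmt.Println("token     ", tok)
	fmt.Printf("passphrase 6 words from 7,776: %.1f bits\n", entropyBits(7776, 6))
}
```

Go's crypto/rand.Int already performs this rejection step internally; the explicit version above is there to make the rejected tail visible. The bound n ≤ 256 keeps the draw to a single byte and is enough for any printable alphabet.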
verify
No trust in this site required.
The verification chain terminates at the Sigstore root and a known-public OIDC issuer (GitHub Actions). You verify cryptographically; this site is just a pointer.
$ cosign verify-blob \
    --certificate checksums.txt.pem \
    --signature checksums.txt.sig \
    --certificate-identity-regexp "https://github.com/rafaelperoco/secretgenerator/.github/workflows/release.yml@refs/tags/v.*" \
    --certificate-oidc-issuer "https://token.actions.githubusercontent.com" \
    checksums.txt
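The command above is only the first half of the chain: it proves checksums.txt was produced by the release workflow, but the binary you are about to run is trusted only once it also matches its entry in that file. This added example (not the procedure from docs/AUDIT.md) wraps both steps and fails closed on an unlisted artifact or a digest mismatch. The identity regexp and issuer are the ones from the page; the artifact file name is an assumption.

```shell
#!/bin/sh
# Added example: end-to-end release verification. Step 1 checks the cosign
# keyless signature on checksums.txt against the release workflow identity and
# the GitHub Actions OIDC issuer. Step 2 checks the downloaded artifact against
# the now-trusted checksums file. Artifact names below are assumptions.

REPO_WORKFLOW_RE='https://github.com/rafaelperoco/secretgenerator/.github/workflows/release.yml@refs/tags/v.*'
OIDC_ISSUER='https://token.actions.githubusercontent.com'

# verify_signature: fail unless cosign accepts the signature on checksums.txt.
verify_signature() {
  checksums="$1"
  cosign verify-blob \
    --certificate "$checksums.pem" \
    --signature "$checksums.sig" \
    --certificate-identity-regexp "$REPO_WORKFLOW_RE" \
    --certificate-oidc-issuer "$OIDC_ISSUER" \
    "$checksums"
}

# sha256_of: portable SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# verify_checksum: compare the artifact's digest with its line in checksums.txt.
# Handles both "hash  name" and the binary-mode "hash *name" form. Returns 1 if
# the artifact is not listed at all, so a stripped line cannot pass silently.
verify_checksum() {
  checksums="$1"; artifact="$2"
  expected=$(awk -v f="$(basename "$artifact")" '{ sub(/^\*/, "", $2); if ($2 == f) print $1 }' "$checksums")
  [ -n "$expected" ] || { echo "not listed in $checksums: $artifact" >&2; return 1; }
  actual=$(sha256_of "$artifact")
  [ "$actual" = "$expected" ] || { echo "checksum mismatch for $artifact" >&2; return 1; }
}

# verify_release: signature first, then checksum; only then is the binary trusted.
verify_release() {
  verify_signature "$1" && verify_checksum "$1" "$2"
}

# Usage (artifact name is an assumption):
#   verify_release checksums.txt secretgenerator_linux_amd64.tar.gz
```

Order matters: checking the checksum before the signature would let an attacker who replaced both the binary and checksums.txt pass, because only the signature binds checksums.txt to the release workflow identity.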