@@david_mosquera6207 Hi David, the key is something that should be secret. Usually you hide the key in an ".env" file. So the key could be "MySecretKey", and then when it hash with HS256, the user password like "password1234" will be hashed with the string MySecretKey and make a long gibberish password. The key can be generated from the website mentioned above, or you can create your own, the key can be anything, as long it is secret! So the longer autogenerated the key is, the harder the passwords will be to hack/guess :)