Skip to content

create

Build and sign a new JWT with custom claims, an expiration, and a choice of algorithm. Outputs the signed token string to stdout.

Terminal window
jwtop create --alg <alg> (--secret <secret> | --key <pem-file>) [options]
FlagDescription
--algSigning algorithm, e.g. HS256, RS256, ES256 (required)
--secretHMAC secret string
--keyPath or URL to a PEM-encoded private key file
--claim key=valueCustom claim (repeatable)
--subSubject claim (sub)
--issIssuer claim (iss)
--audAudience claim (aud)
--expExpiration duration, e.g. 1h, 30m, 24h
--iatInclude issued-at (iat) claim set to the current time

Claim values passed via --claim or --sub/--iss/--aud are auto-parsed:

  1. Parsed as int64 if the value is a valid integer.
  2. Parsed as bool if the value is true or false.
  3. Stored as a string otherwise.

HS256 with standard claims

Terminal window
jwtop create --alg HS256 --secret mysecret \
--sub user123 --iss myapp --exp 1h --iat

HS256 with custom claims

Terminal window
jwtop create --alg HS256 --secret mysecret \
--sub user123 --claim role=admin --claim plan=pro

RS256 with a private key

Terminal window
jwtop create --alg RS256 --key /path/to/private.pem \
--sub user123 --exp 24h