openssl rand -base64 32

then in a .env file add something like

AUTH_SECRET=<generated secret-key>