diff --git a/trojan/install.go b/trojan/install.go
index 57fa8cdf..06aba33d 100644
--- a/trojan/install.go
+++ b/trojan/install.go
@@ -163,7 +163,7 @@ func InstallMysql() {
 if choice < 0 {
 return
 } else if choice == 1 {
- mysql = core.Mysql{ServerAddr: "127.0.0.1", ServerPort: util.RandomPort(), Password: util.RandString(5), Username: "root", Database: "trojan"}
+ mysql = core.Mysql{ServerAddr: "127.0.0.1", ServerPort: util.RandomPort(), Password: util.RandString(8, util.LETTER+util.DIGITS), Username: "root", Database: "trojan"}
 InstallDocker()
 fmt.Println(fmt.Sprintf(dbDockerRun, mysql.ServerPort, mysql.Password))
 if util.CheckCommandExists("setenforce") {
diff --git a/trojan/user.go b/trojan/user.go
index 9bf46609..1d4e9c1f 100644
--- a/trojan/user.go
+++ b/trojan/user.go
@@ -32,8 +32,8 @@ func UserMenu() {
 
 // AddUser 添加用户
 func AddUser() {
- randomUser := util.RandString(4)
- randomPass := util.RandString(8)
+ randomUser := util.RandString(4, util.LETTER)
+ randomPass := util.RandString(8, util.LETTER+util.DIGITS)
 inputUser := util.Input(fmt.Sprintf("生成随机用户名: %s, 使用直接回车, 否则输入自定义用户名: ", randomUser), randomUser)
 if inputUser == "admin" {
 fmt.Println(util.Yellow("不能新建用户名为'admin'的用户!"))
diff --git a/util/string.go b/util/string.go
index 38fad6fe..1364712f 100644
--- a/util/string.go
+++ b/util/string.go
@@ -27,6 +27,14 @@ const (
 WHITE = "\033[37m"
 // RESET 重置颜色
 RESET = "\033[0m"
+ // LETTER 大小写英文字母常量
+ LETTER = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
+ // DIGITS 数字常量
+ DIGITS = "0123456789"
+ // SPECIALS 特殊字符常量
+ SPECIALS = "~=+%^*/()[]{}/!@#$?|"
+ // ALL 全部字符常量
+ ALL = LETTER + DIGITS + SPECIALS
 )
 
 // IsInteger 判断字符串是否为整数
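Review bot: Eight alphanumeric characters is still short for the MySQL root password set in the `choice == 1` branch, since the value is machine-generated and nobody has to type it; `Password: util.RandString(16, util.LETTER+util.DIGITS)` costs nothing. The same applies to `randomPass` in AddUser in trojan/user.go, although there the operator may have to hand the value to a person. The context line right after the change prints `mysql.Password` to stdout through `dbDockerRun`, so the value can end up in terminal scrollback or a captured install log; a comment saying so would help whoever automates this step. InstallMysql's body starts and ends outside the hunk.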
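Review bot: `SPECIALS` lists `/` twice, so `ALL` has 82 entries but only 81 distinct characters and `/` is drawn twice as often as any other; drop the duplicate, `SPECIALS = "~=+%^*/()[]{}!@#$?|"`. The set also contains characters that are significant to shells, SQL and URLs, so the doc comment on `ALL` should say it is meant for values that are stored or compared as opaque strings and not interpolated into a command line or query. The const block starts outside the hunk.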
@@ -36,12 +44,12 @@ func IsInteger(input string) bool {
 }
 
 // RandString 随机字符串
-func RandString(length int) string {
- var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ")
+func RandString(length int, source string) string {
+ var runes = []rune(source)
 b := make([]rune, length)
- rand.Seed(time.Now().UnixNano())
+ rand.New(rand.NewSource(time.Now().UnixNano()))
 for i := range b {
- b[i] = letterRunes[rand.Intn(len(letterRunes))]
+ b[i] = runes[rand.Intn(len(runes))]
 }
 return string(b)
 }
diff --git a/web/auth.go b/web/auth.go
index a55a0567..4b42203d 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -6,6 +6,7 @@ import (
 "github.com/gin-gonic/gin"
 "time"
 "trojan/core"
+ "trojan/util"
 "trojan/web/controller"
 )
 
@@ -21,10 +22,19 @@ type Login struct {
 Password string `form:"password" json:"password" binding:"required"`
 }
 
+func getSecretKey() string {
+ sk, _ := core.GetValue("secretKey")
+ if sk == "" {
+ sk = util.RandString(15, util.ALL)
+ core.SetValue("secretKey", sk)
+ }
+ return sk
+}
+
 func jwtInit(timeout int) {
 authMiddleware, err = jwt.New(&jwt.GinJWTMiddleware{
- Realm: "k8s-manager",
- Key: []byte("secret key"),
+ Realm: "trojan-manager",
+ Key: []byte(getSecretKey()),
 Timeout: time.Minute * time.Duration(timeout),
 MaxRefresh: time.Minute * time.Duration(timeout),
 IdentityKey: identityKey,
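Review bot: The generator built by `rand.New(rand.NewSource(time.Now().UnixNano()))` in RandString is discarded and the loop still calls the package-level `rand.Intn`, so after this change nothing seeds the source that is actually used. Judging by the removed `rand.Seed` call this is math/rand; on Go toolchains before 1.20 the unseeded package-level source yields the same sequence in every process, which would make the MySQL root password, the user passwords and the new JWT `secretKey` repeat across installs. Even when seeded, math/rand output is predictable and unsuitable for credentials or signing keys, so the indices should come from crypto/rand (this needs `crypto/rand` and `math/big` in the import block, which is outside this diff). An empty `source` also reaches `rand.Intn(0)`, which panics.

```go
func RandString(length int, source string) string {
	runes := []rune(source)
	if len(runes) == 0 {
		return ""
	}
	limit := big.NewInt(int64(len(runes)))
	b := make([]rune, length)
	for i := range b {
		// rand is crypto/rand here; rand.Int is uniform over [0, limit).
		n, err := rand.Int(rand.Reader, limit)
		if err != nil {
			// No safe fallback exists for secret generation.
			panic(err)
		}
		b[i] = runes[n.Int64()]
	}
	return string(b)
}
```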
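Review bot: `getSecretKey` discards the error from `core.GetValue` and ignores whatever `core.SetValue` reports, so a failed read looks like "no key yet" and the stored key gets replaced, while a failed write leaves the process signing with a key that is gone after the next restart. Neither helper's signature is visible in this diff, so confirm what they return, then handle both results and fail startup rather than continue with an unpersisted key. The key is also only 15 characters; assuming the middleware's default HMAC signing, `sk = util.RandString(32, util.ALL)` is a safer floor, and its real strength is bounded by the generator behind `RandString`. The struct literal in jwtInit continues past the end of the hunk.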