diff --git a/src/console/GenerateRSAPair.js b/src/console/GenerateRSAPair.js
new file mode 100644
index 0000000000000000000000000000000000000000..75b4aa50ffacf343df4397b5351a7b89fc9c027a
--- /dev/null
+++ b/src/console/GenerateRSAPair.js
@@ -0,0 +1,19 @@
+module.exports = {
+	command: 'crypto:rsa:generate',
+	description: 'Generate an RSA key pair, encoded as Base64',
+	async handler(args) {
+		const  { generateRsaKeys } = require('core/utils/jwt')
+		const  { secureHexString, toBase64 } = require('core/utils/crypto')
+
+		const key = await secureHexString(16)
+		const { pub, priv } = await generateRsaKeys(key)
+
+		console.log({
+			passphrase: key,
+			public_key: toBase64(pub),
+			private_key: toBase64(priv),
+		})
+
+		process.exit(0)
+	},
+}
diff --git a/src/core/utils/jwt.js b/src/core/utils/jwt.js
index fe2208a7e332729ef11926762fe27de531d7c31e..6114e4d5c6501b43b785c7aacd339e64a7a6ed1e 100644
--- a/src/core/utils/jwt.js
+++ b/src/core/utils/jwt.js
@@ -1,5 +1,6 @@
 const { generateKeyPair, createPublicKey, createPrivateKey } = require('crypto')
-async function generateRsaKeys() {
+
+exports.generateRsaKeys = async (pass = null) => {
 	const { config } = require('bootstrap')
 	return new Promise((resolve, reject) => {
 		generateKeyPair(
@@ -14,7 +15,7 @@ async function generateRsaKeys() {
 					type: 'pkcs8',
 					format: 'pem',
 					cipher: 'aes-256-cbc',
-					passphrase: config('app.key'),
+					passphrase: pass ?? config('app.key'),
 				},
 			},
 			(err, pub, priv) => {
@@ -27,6 +28,7 @@ async function generateRsaKeys() {
 		)
 	})
 }
+const generateRsaKeys = exports.generateRsaKeys
 
 exports.getKeys = () => {
 	const { config } = require('bootstrap')