Secure Code Kit

bassim3qazi · May 4, 2026, 5:18pm

I just released my new Bubble plugin: Secure Code Kit.

Secure Code Kit helps Bubble builders generate and verify secure codes for PINs, OTPs, magic links, email verification, password resets, invite flows, access codes, passwordless logins, and other code-based workflows.

Instead of storing the plain code or token in your Bubble database, the plugin returns a secure hash that can be saved and verified later. This makes your code-based workflows safer and cleaner without needing to build the hashing and verification logic from scratch.

You can customize codes with numbers, uppercase letters, lowercase letters, special characters, expiration times, attempt limits, and one-time-use protection.

Secure Code Kit also lets you bind a code or token to a specific purpose, such as login, password reset, invite, magic login, or email verification, and to a user identifier like an email, username, phone number, or user ID. This helps prevent codes from being reused in the wrong place or by the wrong user.

For magic links, you can generate a longer secure token, add it to a URL, and verify it when the user opens the link. This makes it easier to build passwordless login links, invite links, password reset links, temporary access links, and email verification links.

Use Secure Code Kit when you want simple, flexible, and safer code verification in Bubble without managing hashing, expiration, lockouts, and one-time-use logic yourself.

I would love to hear feedback from the Bubble community. Feel free to share suggestions, report any issues, or reach out directly with plugin ideas you would like to see.

Plugin Page:

Demo:
https://addressflow-demo-page.bubbleapps.io/version-test/secure_code_kit?debug_mode=true

Editor:
https://bubble.io/page?id=addressflow-demo-page&test_plugin=1777788133659x929861495602806800_current&tab=Design&name=secure_code_kit&ai_generated=true&type=page&elements=bTGaR

bassim3qazi · May 5, 2026, 7:02am

I just released a new update for Secure Code Kit.

Secure Code Kit already helps Bubble builders generate and verify secure codes for PINs, OTPs, magic links, password resets, invite flows, email verification, access codes, and passwordless login workflows without storing plain codes or tokens in the database.

This update adds expanded hashing options, including SHA-256, SHA-512, HMAC-SHA-256, and HMAC-SHA-512. HMAC methods use a private plugin secret key, giving apps stronger protection for short codes, PINs, OTPs, and custom hashed inputs.

The plugin still supports purpose binding, user identifier binding, expiration times, attempt limits, one-time-use protection, Hash Input, and Verify Hash Input.

This makes Secure Code Kit more flexible for both simple code verification and stronger security workflows where database-only hash exposure is a concern.

Feedback and suggestions are always welcome.

Topic		Replies	Views
[FREE PLUGIN] Easy OTP Input Plugins	15	2379	December 17, 2024
Secqure Passwordless Login - magic link and otp Plugins	4	1050	March 22, 2022
SAWO - Passwordless Authentication Plugin for Bubble :rocket: Plugins	3	1703	February 2, 2022
[PLUGIN RELEASE] GS Microsoft Authenticator – Easy TOTP-Based 2FA for Your Bubble App 🔐 Plugins	0	56	August 5, 2025
Base64, Hash & HMAC Encryptor - New plugin from Zeroqode Showcase	30	6490	December 20, 2021

Secure Code Kit

Related topics