diff --git a/api/v1/controllers/util.mjs b/api/v1/controllers/util.mjs
index 078ec6f..cca09c3 100644
--- a/api/v1/controllers/util.mjs
+++ b/api/v1/controllers/util.mjs
@@ -25,7 +25,7 @@ import DB from '../../../lib/db.mjs'
  */
 export async function generatePassword (req, res, next) {
   const pwd = generator.generate({
-    length: Config.get().generated_password_length || 20,
+    length: req.query.length || Config.get().generated_password_length || 15,
     numbers: true,
     symbols: req?.query?.symbols !== 'false',
     lowercase: true,
diff --git a/config-skel.json b/config-skel.json
index b6e0c26..37aa3ea 100644
--- a/config-skel.json
+++ b/config-skel.json
@@ -36,5 +36,5 @@
   },
   "readonly": false,
   "enable_metrics": true,
-  "generated_password_length": 20
+  "generated_password_length": 15
 }
diff --git a/docs/apidoc/parameters/util.yaml b/docs/apidoc/parameters/util.yaml
index bab5c91..1711fb5 100644
--- a/docs/apidoc/parameters/util.yaml
+++ b/docs/apidoc/parameters/util.yaml
@@ -7,3 +7,14 @@ symbols:
   required: false
   schema:
     type: string
+
+length:
+  name: length
+  in: query
+  description: The length of the generated password
+  required: false
+  schema:
+    type: integer
+    minimum: 1
+    maximum: 50
+    default: 15
\ No newline at end of file
diff --git a/docs/apidoc/paths/utilgeneratepassword.yaml b/docs/apidoc/paths/utilgeneratepassword.yaml
index 807a381..b092ee2 100644
--- a/docs/apidoc/paths/utilgeneratepassword.yaml
+++ b/docs/apidoc/paths/utilgeneratepassword.yaml
@@ -8,6 +8,7 @@ get:
     - bearerAuth: []
   parameters:
     - $ref: '..\parameters\util.yaml#/symbols'
+    - $ref: '..\parameters\util.yaml#/length'
   responses:
     "200":
       $ref: '..\responsebodies\util.yaml#/generatepasswordsuccess'
diff --git a/docs/index.md b/docs/index.md
index b8f5316..5a79402 100644
--- a/docs/index.md
+++ b/docs/index.md
@@ -419,7 +419,7 @@ Copy `config-skel.json` to `config.json` and adjust the options (all options are
   - `max_hours`: Max one-time secrets duration, expressed in hours
 - `readonly`: true or false; if true, no write operation is allowed both for admins and non-admins (logging is still operational)
 - `enable_metrics`: true or false, enables Prometheus-formatted metrics
-- `generated_password_length`: length of random generated password, default is 20
+- `generated_password_length`: default length of random generated password (default is 15)
 
 ## 5. Prepare the database
 
diff --git a/test/generator.spec.cjs b/test/generator.spec.cjs
index 832f6a7..4bf6348 100644
--- a/test/generator.spec.cjs
+++ b/test/generator.spec.cjs
@@ -5,19 +5,21 @@ require('./common.cjs')
 describe('Generator', function () {
   it('Generate password with symbols', async () => {
     const res1 = await agent
-      .get(`${global.host}/api/v1/util/generatepassword`)
+      .get(`${global.host}/api/v1/util/generatepassword?length=25`)
       .set('Authorization', `Bearer ${global.userJWT}`)
       .catch(v => v)
 
     assert.strictEqual(res1.status, 200)
+    assert.strictEqual(res1.body.data.password.length, 25)
   })
 
   it('Generate password without symbols', async () => {
     const res1 = await agent
-      .get(`${global.host}/api/v1/util/generatepassword?symbols=false`)
+      .get(`${global.host}/api/v1/util/generatepassword?length=25&symbols=false`)
       .set('Authorization', `Bearer ${global.userJWT}`)
       .catch(v => v)
 
     assert.strictEqual(res1.status, 200)
+    assert.strictEqual(res1.body.data.password.length, 25)
   })
 })