diff --git a/assets/30-install-developer-tools.macos.sh b/assets/30-install-developer-tools.macos.sh
index 5af05ce..d23b576 100755
--- a/assets/30-install-developer-tools.macos.sh
+++ b/assets/30-install-developer-tools.macos.sh
@@ -137,6 +137,8 @@ function tech-python-configure() {
 
   python -m ensurepip
   python -m pip install --upgrade pip
+  python -m pip install \
+    jwt
 
   # TODO: Install dev tools for python
   # brew $install \
diff --git a/private_dot_local/bin/github-app-generate-jwt.py b/private_dot_local/bin/github-app-generate-jwt.py
new file mode 100644
index 0000000..a882854
--- /dev/null
+++ b/private_dot_local/bin/github-app-generate-jwt.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+import jwt
+import time
+import sys
+
+# Get PEM file path
+if len(sys.argv) > 1:
+    pem = sys.argv[1]
+else:
+    pem = input("Enter path of private PEM file: ")
+
+# Get the App ID
+if len(sys.argv) > 2:
+    app_id = sys.argv[2]
+else:
+    app_id = input("Enter your APP ID: ")
+
+# Open PEM
+with open(pem, 'rb') as pem_file:
+    signing_key = jwt.jwk_from_pem(pem_file.read())
+
+payload = {
+    # Issued at time
+    'iat': int(time.time()),
+    # JWT expiration time (10 minutes maximum)
+    'exp': int(time.time()) + 600,
+    # GitHub App's identifier
+    'iss': app_id
+}
+
+# Create JWT
+jwt_instance = jwt.JWT()
+encoded_jwt = jwt_instance.encode(payload, signing_key, alg='RS256')
+
+print(f"JWT: {encoded_jwt}")