Random Hex String Generator
Cryptographically secure random bytes, hex-encoded — for API keys and app secrets.
$ openssl rand -hex 32
What is a hex secret?
A hex secret is a sequence of cryptographically random bytes encoded as hexadecimal — two characters per byte, using only 0-9 and a-f. 32 random bytes become a 64-character string carrying a full 256 bits of entropy. Hex is the least dense encoding but the most portable: no padding, no special characters, safe in URLs, config files, shell commands and environment variables without any escaping.
Common uses
Random hex strings are the standard shape for framework secrets: Rails' SECRET_KEY_BASE, Django's SECRET_KEY, Flask session keys, Express/cookie signing secrets, webhook signing tokens, or raw key material for AES-256 (32 bytes) and HMAC. This generator is the browser equivalent of openssl rand -hex 32 — same entropy, no terminal needed.
Which size should I pick?
32 bytes (256 bits) is the safe default and matches what AES-256 and SHA-256-based HMACs expect. 16 bytes (128 bits) is still computationally unbreakable and fine for identifiers and salts; 64 or 128 bytes only make sense when a spec explicitly asks for a longer key. The bytes are produced by crypto.getRandomValues() on your device and never leave your browser.
Nothing leaves your browser
- Every value comes from
crypto.getRandomValues()— the CSPRNG built into your browser, neverMath.random(). - Generated secrets are never transmitted, logged or stored: no server-side generation, no cookies, no localStorage.
- Verify it yourself in the network tab: after loading, the page only talks to our self-hosted, cookie-less analytics — which counts page views and which generator type gets copied, never any value.
- Strict Content-Security-Policy; no third-party script origins.