Random Hex & Secret Generator
Generate a cryptographically secure random secret — in hex, base64url or base64 — with the exact length you need. Perfect for secret keys, tokens, nonces and API secrets. Everything happens in your browser.
32 bytes · 256 bits of entropy · 64 hex chars
Generated in your browser with the Web Crypto API (crypto.getRandomValues). Nothing is sent to a server.
Secure by design — it never leaves your browser
A secret is only secret if nobody else sees it. This generator uses the browser’s Web Crypto API (crypto.getRandomValues) to produce cryptographically strong random bytes locally— nothing is sent to us or logged anywhere. Refresh and it’s gone.
How much length do I need?
- 16 bytes (128 bits) — fine for most tokens and nonces.
- 32 bytes (256 bits) — the sweet spot for secret keys, session secrets, `CRON_SECRET`, webhook signing keys.
- 64 bytes (512 bits) — for high-value long-lived secrets.
Length is set in bytes; hex output is twice as many characters (1 byte = 2 hex chars), while base64url packs the same entropy into fewer characters.
Which format?
- hex — the universal, copy-anywhere choice; only
0–9a–f. - base64url — shorter, URL- and filename-safe (no
+ / =); great for tokens in URLs. - base64 — standard base64, compact but not URL-safe.
Related
Frequently asked questions
▸ ▾ Is this random-number generator secure?
Yes — it uses the Web Crypto API (crypto.getRandomValues), which is a cryptographically secure random source, unlike Math.random(). The value is generated in your browser and never transmitted.
▸ ▾ Can I choose the length?
Yes — set it in bytes (1 to 512). Hex output is twice as many characters as bytes; base64url is more compact for the same entropy.
▸ ▾ What should I use for a secret key?
32 bytes (256 bits) is a solid default for most secret keys, session secrets and webhook signing keys.