openssl rand: Generate Random Tokens
openssl rand outputs N cryptographically secure random bytes, optionally hex or base64 encoded.
For a test password, a nonce, or a random ID, rand is the one-liner. Hex and base64 flags give you a copy-paste-safe string.
What it does
openssl rand generates the requested number of random bytes from the CSPRNG. -hex and -base64 encode the output so it is safe to paste into env vars, URLs, or config.
Common usage
openssl rand -hex 16 # 32 hex chars
openssl rand -base64 24 # 32 base64 chars
openssl rand -base64 32 | tr -d '\n' # single lineOptions
| Flag | What it does |
|---|---|
| num | Number of random bytes to produce |
| -hex | Output as hexadecimal |
| -base64 | Output as base64 |
| -out <file> | Write bytes to a file |
In CI
The byte count is bytes, not characters: -hex 16 yields 32 hex characters and -base64 24 yields 32 base64 characters. Base64 output may wrap; pipe through tr -d "\n" if you need a single line.
Common errors in CI
"Can't load /root/.rnd into RNG" or "unable to write 'random state'" on minimal images means the RANDFILE path is not writable; set RANDFILE=/dev/null or HOME=/tmp. This is harmless on OpenSSL 1.1.1+ where the RANDFILE is optional, but older builds still warn.