Skip to content
Latchkey

openssl rand: Generate Random Tokens

openssl rand outputs N cryptographically secure random bytes, optionally hex or base64 encoded.

For a test password, a nonce, or a random ID, rand is the one-liner. Hex and base64 flags give you a copy-paste-safe string.

What it does

openssl rand generates the requested number of random bytes from the CSPRNG. -hex and -base64 encode the output so it is safe to paste into env vars, URLs, or config.

Common usage

Terminal
openssl rand -hex 16        # 32 hex chars
openssl rand -base64 24     # 32 base64 chars
openssl rand -base64 32 | tr -d '\n'   # single line

Options

FlagWhat it does
numNumber of random bytes to produce
-hexOutput as hexadecimal
-base64Output as base64
-out <file>Write bytes to a file

In CI

The byte count is bytes, not characters: -hex 16 yields 32 hex characters and -base64 24 yields 32 base64 characters. Base64 output may wrap; pipe through tr -d "\n" if you need a single line.

Common errors in CI

"Can't load /root/.rnd into RNG" or "unable to write 'random state'" on minimal images means the RANDFILE path is not writable; set RANDFILE=/dev/null or HOME=/tmp. This is harmless on OpenSSL 1.1.1+ where the RANDFILE is optional, but older builds still warn.

Related guides

Run this faster and cheaper on Latchkey managed runners. Start free →