Hex Key Generator

How to use this hex key generator

A hex key is a string of hexadecimal digits (0-9, a-f) derived from random bytes. Hex is a convenient way to represent raw cryptographic key material because every two characters stand for one byte — so a 32-character hex string is a 128-bit key, and a 64-character hex string is a 256-bit key. This tool runs crypto.getRandomValues, the same CSPRNG browsers use for TLS handshakes.

1. Pick a key size. 128-bit is fine for AES-128 and most HMAC use. 256-bit is the modern default for AES-256, JWT HS256 secrets, and application signing keys. 512-bit is what you want for HS512 or when you are paranoid.
2. Set a count. Generate multiple keys in one shot if you are seeding several environments (dev/staging/prod) or rotating a batch of secrets.
3. Copy and store. Paste into your secrets manager (Vault, AWS Secrets Manager, 1Password, Doppler) immediately. Hex keys are useless to humans but attacker gold if leaked.

What not to do with a hex key. Do not put it in source control, do not paste it into a chat, and do not use the same key across environments. If a key leaks, rotate it everywhere it was used. For JWT, rotating the signing key invalidates every outstanding token — which is the whole point.

Why hex instead of base64? Both encode bytes. Hex is slightly longer (2 characters per byte vs ~1.33) but is shell- and URL-safe without escaping, and every byte is exactly two characters — easy to visually verify length.