random
Generate cryptographically secure random bytes, tokens, or passphrases using OS-level CSPRNG. Supports hex, base64, url-safe, alphanumeric, and diceware formats.
Instructions
Generate cryptographically secure random bytes, a token, or a passphrase.
All randomness is drawn from the OS CSPRNG (secrets). kind selects the
shape and which sizing arg applies: bytes|hex|urlsafe draw nbytes (default
32) random bytes — bytes renders them via output_format (hex/base64), hex
is the same bytes as hex, urlsafe is RFC 4648 url-safe base64; token is a
length-character (default 32) alphanumeric [A-Za-z0-9] string; passphrase
joins words (default 6) words with separator (default '-'), drawn from
wordlist or the bundled EFF large diceware list. Returns {kind, value,
entropy_bits}; the value is the only secret and is never logged elsewhere.
Example: random("hex", nbytes=4) -> value "6a08ed95" (8 hex chars, 32 bits)
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| kind | No | Output shape: bytes|hex|urlsafe draw `nbytes` random bytes; token is `length` alphanumeric chars; passphrase joins `words` diceware words. Default 'urlsafe'. | urlsafe |
| length | No | Character count for kind=token; default None means 32. | |
| nbytes | No | Byte count for kind=bytes/hex/urlsafe; default 32. | |
| words | No | Word count for kind=passphrase; default 6. | |
| separator | No | Joiner between passphrase words; default '-'. | - |
| wordlist | No | Custom passphrase word list; default None uses the bundled EFF large diceware list (7776 words). | |
| output_format | No | Rendering for kind=bytes (hex/base64); default 'hex'. | hex |