Ever wonder how Rails generates its secret keys stored in config/secrets.yml?

It uses the SecureRandom library, built into Ruby.

# rails/tasks/misc.rake

desc "Generate a cryptographically secure secret key (this is typically used to generate a secret for cookie sessions)."
task :secret do
  require "securerandom"
  puts SecureRandom.hex(64)


If you ever need to generate a new secret key, run…

$ rake secret  # from your rails app
$ ruby -e "require 'securerandom'; puts SecureRandom.hex(64)"  # from anywhere

SecureRandom also contains methods for generating UUIDs, random base64 strings, and random binary strings.

If you need a URL-safe key, say for API key generation, Ruby has you covered.