The secret command generates a cryptographically secure random key for encrypting paqet traffic.

Syntax

paqet secret

Description

This command generates a 32-byte (256-bit) cryptographically secure random key and prints it in hexadecimal format. The key is generated using Go’s crypto/rand package, which provides secure random number generation suitable for cryptographic purposes.

What It Generates

  • Key Length: 32 bytes (256 bits)
  • Format: Hexadecimal string (64 characters)
  • Randomness: Cryptographically secure random bytes

Usage Example

paqet secret

Example Output

7f3c8a9e1b4d6f2a8c5e9d7b3f1a4c8e6d2f9b7a5c3e1d8f6a4b2c9e7d5f3a1b

Where to Use the Key

Copy the generated key and paste it into your config.yaml file under the transport.kcp.key field:

transport:
  kcp:
    key: "7f3c8a9e1b4d6f2a8c5e9d7b3f1a4c8e6d2f9b7a5c3e1d8f6a4b2c9e7d5f3a1b"
    block: "aes"  # Encryption algorithm

Keep your key secure: This encryption key protects all traffic between your paqet client and server. Store it securely and never commit it to version control. Use the same key on both client and server for them to communicate.

Generate a new key for each deployment or environment. Don’t reuse keys across different paqet installations.

Security Best Practices

  1. Generate a unique key for each client-server pair
  2. Store keys securely (use environment variables or secret management systems)
  3. Rotate keys periodically
  4. Never share keys over insecure channels
  5. Add config.yaml to .gitignore to prevent accidental commits

The key is used with the encryption algorithm specified in transport.kcp.block (such as AES, Salsa20, or ChaCha20) to ensure both confidentiality and integrity of your traffic.
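The sketch below is an added example, not paqet's own code: it generates a key the way the Description section states (32 bytes from crypto/rand, hex-encoded) and adds a pre-deployment check that a configured key has that shape and is not the sample key printed on this page. The names newKey, checkKey and docSampleKey are hypothetical, and the check assumes keys are stored in the 64-character hexadecimal form shown above.

```go
package main

import (
	"bytes"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// docSampleKey is the example key shown on this page. It is public, so a
// config that still contains it protects nothing.
const docSampleKey = "7f3c8a9e1b4d6f2a8c5e9d7b3f1a4c8e6d2f9b7a5c3e1d8f6a4b2c9e7d5f3a1b"

// newKey follows the page's description: 32 bytes from crypto/rand, hex-encoded.
func newKey() (string, error) {
	buf := make([]byte, 32)
	if _, err := rand.Read(buf); err != nil {
		return "", err // fail closed; never fall back to a weaker source
	}
	return hex.EncodeToString(buf), nil
}

// checkKey (hypothetical helper) rejects values that are not plausible generator output.
func checkKey(k string) error {
	k = strings.TrimSpace(k)
	raw, err := hex.DecodeString(k)
	if err != nil {
		return fmt.Errorf("not hexadecimal: %w", err)
	}
	if len(raw) != 32 {
		return fmt.Errorf("decoded length is %d bytes, want 32", len(raw))
	}
	if strings.EqualFold(k, docSampleKey) {
		return errors.New("key is the published documentation sample")
	}
	if bytes.Equal(raw, bytes.Repeat(raw[:1], 32)) {
		return errors.New("key is one repeated byte (placeholder, not random)")
	}
	return nil
}

func main() {
	k, err := newKey()
	if err != nil {
		panic(err)
	}
	fmt.Println(len(k), checkKey(k), checkKey(docSampleKey))
}
```

A check like this fits in a deployment script or CI step that reads the key from the secret store, so a copied sample or placeholder value is caught before the client and server are started.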
