diff --git a/templates/_secrets.tpl b/templates/_secrets.tpl
index da46f51..5e2c4b7 100644
--- a/templates/_secrets.tpl
+++ b/templates/_secrets.tpl
@@ -115,6 +115,8 @@ The order in which this function returns a secret password:
 {{- $password = randAscii $passwordLength }}
 {{- $password = regexReplaceAllLiteral "\\W" $password "@" | substr 5 $passwordLength }}
 {{- $password = printf "%s%s" $subStr $password | toString | shuffle | b64enc | quote }}
+ {{- else if .hex }}
+ {{- $password = include "common.secrets.randHex" $passwordLength | b64enc | quote }}
 {{- else }}
 {{- $password = randAlphaNum $passwordLength | b64enc | quote }}
 {{- end }}
@@ -122,6 +124,23 @@ The order in which this function returns a secret password:
 {{- printf "%s" $password -}}
 {{- end -}}
 
+{{- /*
+ Returns given number of random Hex characters.
+ - randNumeric 4 | atoi generates a random number in [0, 10^4)
+ This is a range evenly divisble by 16, but even if off by one,
+ that last partial interval offsetting randomness is only 1 part in 625.
+ - mod N 16 maps to the range 0-15
+ - printf "%x" represents a single number 0-15 as a single hex character
+*/}}
+{{- define "common.secrets.randHex" -}}
+ {{- $result := "" }}
+ {{- range $i := until . }}
+ {{- $rand_hex_char := mod (randNumeric 4 | atoi) 16 | printf "%x" }}
+ {{- $result = print $result $rand_hex_char }}
+ {{- end }}
+ {{- $result }}
+{{- end }}
+
 {{/*
 Reuses the value from an existing secret, otherwise sets its value to a default value.
 
diff --git a/values.yaml b/values.yaml
new file mode 100644
index 0000000..e69de29
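Review bot: The new `else if .hex` branch in the first hunk is only reached when the condition guarding the `randAscii` lines above it is false, so a caller that sets both that option and `hex` silently receives a password containing non-hex characters. The opening `if` lies outside the hunk, so the exact option that takes precedence should be confirmed there. A consumer that parses the secret as hexadecimal would then fail at runtime rather than at render time. The function's header comment ("The order in which this function returns a secret password") should list the new parameter and its precedence, for example `- hex: Boolean - Return a hexadecimal password; ignored when the option tested first is set`.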
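Review bot: The comment on `common.secrets.randHex` in the second hunk argues uniformity but never says what the length argument buys: each output character carries 4 bits, so a secret of length N from the `.hex` branch has 4·N bits, against roughly 5.95 bits per character from the `randAlphaNum` default. A caller that keeps its existing length when switching to hex gets a weaker secret, so the comment should add a line such as `- the argument counts hex characters, not bytes: N characters encode N/2 bytes (use 64 for a 256-bit key)`. The uniformity claim itself holds, since 10^4 = 16 × 625, which makes the "even if off by one" clause unnecessary; "divisble" is also a typo. As a style point, `$rand_hex_char` is snake_case while the visible variables (`$passwordLength`, `$subStr`) are camelCase.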