this block is from boundary docs to create kms for worker
kms “aead” {
purpose = “worker-auth”
aead_type = “aes-gcm”
key = “8fZBjCUfN0TzjEGLQldGY4+iE9AkOvCfjh7+p0GtRBQ=”
key_id = “global_worker-auth”
}
how to generate the key here , as in docs it is mentioned :-
key - The base64-encoded 256-bit encryption key.
There are various shell commands, but a super easy way is to run boundary dev which will generate random keys and print them out in the startup information. You can just copy/paste them – they’re unique for every run of boundary dev 
Thanks @jeff , The same keys will work when running boundary server?
Sure, any base64-encoded string of the correct length will work, including those generated randomly during a dev run.
I was looking for the same, and here is what I used.
openssl rand -base64 32
This generates 32 random bytes and encodes it in base64, resulting in a 44-character base64 string.