Brad's PyNotes

Secrets Module: Cryptographically Secure Random Generation

TL;DR

The secrets module provides cryptographically secure random number generation for passwords, tokens, and security keys. Use it instead of the random module for any security-sensitive application.

Interesting!

The secrets module uses your operating system’s most secure randomness source, making it suitable for generating passwords, authentication tokens, and cryptographic keys that attackers cannot predict.

Token Generation

Secure Random Tokens

python code snippet start

import secrets

# Generate secure random bytes
token_bytes = secrets.token_bytes(32)  # 32 bytes = 256 bits
print(token_bytes.hex())

# Generate hex token
token_hex = secrets.token_hex(16)  # 32 character hex string
print(token_hex)

# Generate URL-safe token
token_url = secrets.token_urlsafe(32)  # URL-safe base64 text, 43 characters for 32 bytes
print(token_url)

python code snippet end

Secure Password Generation

python code snippet start

import secrets
import string

# Generate a strong password: every character is drawn with secrets.choice,
# so the selection comes from the OS entropy source, not a seeded PRNG
def generate_password(length=12):
    alphabet = string.ascii_letters + string.digits + '!@#$%^&*'
    return ''.join(secrets.choice(alphabet) for _ in range(length))

password = generate_password(16)
print(password)  # e.g., 'Kp9#mR2$vL5nQ8wX'

python code snippet end
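The generator above draws every character uniformly, so a short password can still come out with no digit or symbol. The following is an added example, not code from Brad's PyNotes: it keeps the same alphabet but guarantees at least one character from each class, shuffles the result with an unbiased Fisher-Yates pass driven by secrets.randbelow, and reports the entropy of a uniformly chosen password of that length. The class names, policy check, and entropy helper are assumptions made for this example.

```python
import math
import secrets
import string

# Character classes the password must draw from (an assumption for this example;
# the alphabet itself matches the one used on the page)
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*",
}
ALPHABET = "".join(CLASSES.values())  # 70 characters


def generate_password(length=16):
    """Return a password with at least one character from every class in CLASSES."""
    if length < len(CLASSES):
        raise ValueError(f"length must be at least {len(CLASSES)}")
    # One guaranteed character per class, then fill the rest from the full alphabet
    chars = [secrets.choice(cls) for cls in CLASSES.values()]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Fisher-Yates shuffle using randbelow so the guaranteed characters are not
    # always at the front; randbelow gives an unbiased index, unlike `% n`
    for i in range(len(chars) - 1, 0, -1):
        j = secrets.randbelow(i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


def meets_policy(password):
    """True if the password contains at least one character from each class."""
    return all(any(c in cls for c in password) for cls in CLASSES.values())


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy in bits of a uniformly chosen password of `length` over `alphabet`.

    Guaranteeing one character per class removes a tiny fraction of the
    keyspace, so the real figure is marginally below this upper bound.
    """
    return length * math.log2(len(alphabet))


if __name__ == "__main__":
    pw = generate_password(16)
    print(pw, meets_policy(pw), f"{entropy_bits(16):.1f} bits")
```

With the 70-character alphabet, a 16-character password carries roughly 98 bits of entropy; a 12-character one carries about 74. The policy check is worth running on user-supplied passwords too, not only on generated ones.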

Security Applications

API Keys and Session Tokens

python code snippet start

import secrets

# Generate secure API key
api_key = secrets.token_urlsafe(32)

# Generate session token
session_token = secrets.token_hex(24)

# Password reset token
reset_token = secrets.token_urlsafe(16)

python code snippet end
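Generating the token is the easy half; the server still has to store and check it safely. The following is an added example, not code from Brad's PyNotes, covering both the token generation above and this password-reset use: the token from secrets.token_urlsafe is handed to the user, only its SHA-256 digest is kept server-side (so a leaked store yields nothing usable), it expires after a fixed lifetime, it is consumed on first use, and the presented token is checked with secrets.compare_digest so the comparison time does not depend on how many leading characters match. The in-memory dictionary, the 15-minute lifetime, and the function names are assumptions made for this example.

```python
import hashlib
import secrets
import time

# Hypothetical in-memory store for this example: user_id -> (sha256 hex digest
# of the token, expiry timestamp). A real service would put this in a database.
_reset_tokens = {}

RESET_TOKEN_TTL = 15 * 60  # seconds; an assumed lifetime


def _digest(token):
    """Hash the token so the plaintext never rests in storage."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_reset_token(user_id, now=None):
    """Create a one-time reset token for `user_id` and return it to the caller.

    Only the digest is stored; issuing a new token replaces any earlier one.
    `now` is injectable for testing and defaults to the wall clock.
    """
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 32 bytes = 256 bits from the OS CSPRNG
    _reset_tokens[user_id] = (_digest(token), now + RESET_TOKEN_TTL)
    return token


def redeem_reset_token(user_id, token, now=None):
    """Return True if `token` is the live, unexpired token for `user_id`.

    A matching token is removed before the expiry check, so it can be used
    at most once whether or not it was still valid.
    """
    now = time.time() if now is None else now
    record = _reset_tokens.get(user_id)
    if record is None:
        return False
    stored_digest, expires = record
    # compare_digest runs in time independent of where the strings differ,
    # which closes the timing side channel of a plain `==` on secrets
    if not secrets.compare_digest(stored_digest, _digest(token)):
        return False
    del _reset_tokens[user_id]  # one-time use
    return now <= expires


if __name__ == "__main__":
    t = issue_reset_token("alice")
    print("reset link token:", t)
    print("redeemed:", redeem_reset_token("alice", t))
    print("replayed:", redeem_reset_token("alice", t))
```

The same pattern applies to API keys and session tokens: hand out the token once, store a digest, and compare with secrets.compare_digest rather than `==`.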

Secure Random Choice

python code snippet start

import secrets

# Secure random selection
users = ['alice', 'bob', 'charlie']
winner = secrets.choice(users)

# Secure random integer in the range 50000..59999
random_port = secrets.randbelow(10000) + 50000

python code snippet end

Why Use Secrets?

  • Cryptographically secure: Uses OS entropy sources
  • Unpredictable: Cannot be reproduced or predicted
  • Security-focused: Designed specifically for sensitive data
  • Simple API: Easy to use for common security tasks

Never use the random module for security-sensitive applications; always use secrets. For secure applications, combine secrets with an understanding of random vs secrets and of the string constants used for password generation. Use it alongside UUID generation for unique identifiers and database storage for token management.
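The "Unpredictable" bullet above is the whole reason to prefer secrets, and it is easy to demonstrate. The following is an added example, not code from Brad's PyNotes, serving both the secure-choice section and this list: it wraps secrets.choice and secrets.randbelow for the selection and port cases shown earlier, adds a shuffle through secrets.SystemRandom (which exposes the random.Random API on top of the OS entropy source), and contrasts a seeded random.Random, whose output repeats exactly for the same seed, with secrets.randbelow, whose output cannot be reproduced. The function names and the port range are assumptions made for this example.

```python
import random
import secrets

# random.Random interface backed by os.urandom: gives shuffle/sample without
# any seed, unlike the module-level random functions
_sysrand = secrets.SystemRandom()


def pick_winner(users):
    """Uniform selection from a list using the OS CSPRNG."""
    return secrets.choice(users)


def secure_shuffle(items):
    """Return a shuffled copy of `items`; the input list is left untouched."""
    copy = list(items)
    _sysrand.shuffle(copy)
    return copy


def random_port(low=50000, high=60000):
    """Unbiased integer in [low, high).

    randbelow(n) rejects out-of-range draws internally, so there is no
    modulo bias of the kind `int.from_bytes(...) % n` would introduce.
    """
    if high <= low:
        raise ValueError("high must exceed low")
    return low + secrets.randbelow(high - low)


def seeded_sequence(seed, n=5):
    """What an attacker who learns the seed can do with the random module:
    the same seed always yields exactly the same stream of values."""
    rng = random.Random(seed)
    return [rng.randrange(1_000_000) for _ in range(n)]


def secure_sequence(n=5):
    """The secrets equivalent: there is no seed to learn, so no replay."""
    return [secrets.randbelow(1_000_000) for _ in range(n)]


if __name__ == "__main__":
    users = ['alice', 'bob', 'charlie']
    print("winner:", pick_winner(users))
    print("shuffled:", secure_shuffle(users))
    print("port:", random_port())
    print("seed 42 twice:", seeded_sequence(42), seeded_sequence(42))
    print("secrets twice:", secure_sequence(), secure_sequence())
```

The seeded pair prints identical lists every run; the secrets pair never does. Mersenne Twister, which the random module uses, is also recoverable from a few hundred observed outputs even without the seed, which is the practical reason the bullet list says "cannot be reproduced or predicted" only of secrets.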

Reference: Python Secrets Documentation