The secrets module in Python is designed for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets. This module provides a better security guarantee than the default pseudo-random number generator used by Python’s random module.
Table of Contents
- Introduction
- Key Functions
  - secrets.choice
  - secrets.randbelow
  - secrets.randbits
  - secrets.token_bytes
  - secrets.token_hex
  - secrets.token_urlsafe
- Examples
  - Generating Secure Tokens
  - Generating Secure Passwords
  - Generating Random Numbers and Bits
- Real-World Use Case
- Conclusion
- References
Introduction
The secrets module is specifically designed for security purposes, providing cryptographically strong random numbers. This makes it the preferred module for generating secure tokens, passwords, and other secret data.
Key Functions
secrets.choice
Returns a randomly-chosen element from a non-empty sequence.
import secrets
choices = ['apple', 'banana', 'cherry']
choice = secrets.choice(choices)
print(f'Random choice: {choice}')
secrets.randbelow
Returns a random integer in the range [0, n).
import secrets
rand_num = secrets.randbelow(10)
print(f'Random number below 10: {rand_num}')
secrets.randbits
Returns an integer with k random bits.
import secrets
rand_bits = secrets.randbits(16)
print(f'Random 16-bit number: {rand_bits}')
secrets.token_bytes
Returns a random byte string containing n bytes.
import secrets
token = secrets.token_bytes(16)
print(f'Random byte token: {token}')
secrets.token_hex
Returns a random text string, in hexadecimal.
import secrets
token = secrets.token_hex(16)
print(f'Random hex token: {token}')
secrets.token_urlsafe
Returns a random URL-safe text string.
import secrets
token = secrets.token_urlsafe(16)
print(f'Random URL-safe token: {token}')
Examples
Generating Secure Tokens
import secrets
# Generate a secure random byte token
token_bytes = secrets.token_bytes(16)
print(f'Random byte token: {token_bytes}')
# Generate a secure random hex token
token_hex = secrets.token_hex(16)
print(f'Random hex token: {token_hex}')
# Generate a secure random URL-safe token
token_urlsafe = secrets.token_urlsafe(16)
print(f'Random URL-safe token: {token_urlsafe}')
Generating Secure Passwords
import secrets
import string
alphabet = string.ascii_letters + string.digits
password = ''.join(secrets.choice(alphabet) for _ in range(12))
print(f'Generated secure password: {password}')
Generating Random Numbers and Bits
import secrets
# Generate a random number below 100
rand_num = secrets.randbelow(100)
print(f'Random number below 100: {rand_num}')
# Generate a random 32-bit number
rand_bits = secrets.randbits(32)
print(f'Random 32-bit number: {rand_bits}')
Real-World Use Case
Creating API Keys
You can use the secrets module to generate API keys for your application.
import secrets
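def generate_api_key(nbytes=32):
    # nbytes is the number of random bytes, not the length of the string;
    # the Base64-encoded result is roughly 1.3 characters per byte.
    return secrets.token_urlsafe(nbytes)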
# Example usage
api_key = generate_api_key()
print(f'Generated API key: {api_key}')
Generating a Secure CSRF Token
Cross-Site Request Forgery (CSRF) tokens can be generated securely using the secrets module.
import secrets
def generate_csrf_token():
    # 32 random bytes, returned as a URL-safe text string
    return secrets.token_urlsafe(32)
# Example usage
csrf_token = generate_csrf_token()
print(f'Generated CSRF token: {csrf_token}')
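Generating the token is only half of CSRF protection; the server also has to check the value that comes back. The following is an added example, not code from the original page: it stores the token per session and verifies a submitted value with secrets.compare_digest. The in-memory store and the function names issue_csrf_token and verify_csrf_token are assumptions made for illustration.

```python
import secrets

# Constructed in-memory session store for this example: session id -> CSRF token.
_csrf_tokens = {}


def issue_csrf_token(session_id):
    """Create a fresh token for the session and remember it server-side."""
    token = secrets.token_urlsafe(32)  # 32 random bytes, 43 characters of text
    _csrf_tokens[session_id] = token
    return token


def verify_csrf_token(session_id, submitted):
    """Check a submitted token against the stored one in constant time."""
    expected = _csrf_tokens.get(session_id)
    if expected is None or not isinstance(submitted, str) or not submitted:
        return False
    # Compare as bytes: compare_digest raises TypeError for non-ASCII str
    # arguments, and a request field can contain anything.
    return secrets.compare_digest(
        submitted.encode("utf-8"), expected.encode("utf-8")
    )


if __name__ == "__main__":
    sid = secrets.token_urlsafe(16)  # constructed session id
    tok = issue_csrf_token(sid)
    print(f"Valid token accepted: {verify_csrf_token(sid, tok)}")
    print(f"Altered token accepted: {verify_csrf_token(sid, tok + 'x')}")
    print(f"Token for another session accepted: {verify_csrf_token('other', tok)}")
```

Using == for the comparison would return as soon as the first differing character is found, which can leak how much of a guess was correct through response timing; compare_digest is designed to avoid that.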
Conclusion
The secrets module in Python provides an easy and secure way to generate cryptographic random numbers, making it ideal for generating passwords, tokens, and other security-related data. Its use of cryptographically secure random numbers ensures that the generated values are suitable for security-sensitive applications.