Code Reference

Secrets

Python · Reference cheat sheet

Secrets

Python · Reference cheat sheet


📋 Overview

secrets generates cryptographically strong random numbers suitable for passwords, tokens, and auth codes. Prefer it over random whenever unpredictability matters.

🔧 Core concepts

APIRole
token_bytes(n)n random bytes
token_hex(n)Hex string (~2n chars)
token_urlsafe(n)URL-safe base64
randbelow(n)Int in 0 .. n-1
choice(seq)Secure pick from sequence
SystemRandomCSPRNG-backed random.Random API

💡 Examples

import secrets
import string

alphabet = string.ascii_letters + string.digits
password = "".join(secrets.choice(alphabet) for _ in range(20))
api_key = secrets.token_urlsafe(32)
otp = f"{secrets.randbelow(1_000_000):06d}"
import secrets
from hmac import compare_digest

expected = secrets.token_hex(16)
# constant-time compare for tokens
ok = compare_digest(expected, expected)

⚠️ Pitfalls

  • Still hash/store passwords with a KDF (e.g. hashlib.scrypt / Argon2) — don’t store raw secrets.
  • token_hex(16) is 16 bytes of entropy → 32 hex chars, not “16 hex chars”.
  • Don’t use random for session IDs or reset tokens.

On this page