Secrets
Python · Reference cheat sheet
Secrets
Python · Reference cheat sheet
📋 Overview
secrets generates cryptographically strong random numbers suitable for passwords, tokens, and auth codes. Prefer it over random whenever unpredictability matters.
🔧 Core concepts
| API | Role |
|---|---|
token_bytes(n) | n random bytes |
token_hex(n) | Hex string (~2n chars) |
token_urlsafe(n) | URL-safe base64 |
randbelow(n) | Int in 0 .. n-1 |
choice(seq) | Secure pick from sequence |
SystemRandom | CSPRNG-backed random.Random API |
💡 Examples
import secrets
import string
alphabet = string.ascii_letters + string.digits
password = "".join(secrets.choice(alphabet) for _ in range(20))
api_key = secrets.token_urlsafe(32)
otp = f"{secrets.randbelow(1_000_000):06d}"import secrets
from hmac import compare_digest
expected = secrets.token_hex(16)
# constant-time compare for tokens
ok = compare_digest(expected, expected)⚠️ Pitfalls
- Still hash/store passwords with a KDF (e.g.
hashlib.scrypt/ Argon2) — don’t store raw secrets. token_hex(16)is 16 bytes of entropy → 32 hex chars, not “16 hex chars”.- Don’t use
randomfor session IDs or reset tokens.