DEV Community

loading...
Cover image for A quick tour of the Python Secrets module

A quick tour of the Python Secrets module

1Blademaster
・3 min read

Cover photo by Shahadat Rahman on Unsplash. 📷

What is secrets?

The secrets built-in Python module is used to generate cryptographically secure random numbers, but it can be used in more than one way. You might say that you could use the random module to generate these random numbers, but the secrets module has access to the most secure source of randomness that your computer can provide. This makes it perfect for a multitude of uses such as managing passwords, authentication, and security tokens.

The module has 3 main functions which you will most likely use, but to get started you can import the module using:

import secrets
Enter fullscreen mode Exit fullscreen mode

How do I use the module?

Here we will look at the 3 most used functions in the secrets module, all of these modules can take in an integer as an argument, this depicts the number of bytes to use in the function.

The first function is token_bytes and this returns a random byte string:

secrets.token_bytes(16)
# b'\xa50\xd1\xdcE\x9d<\x12\x81<\xf4\x8b:?\xce\xfe'
Enter fullscreen mode Exit fullscreen mode

But what if you wanted to generate a random string? Well for that job you can use the token_hex function as it returns a random string of hex digits:

secrets.token_hex(16)
# 'c3696cfb5ca4605a48764a1b14c8096a'
Enter fullscreen mode Exit fullscreen mode

You might notice that the length of the string returned is exactly double the value of bytes which was passed into the function. This is because each byte consists of 8 bits, and each hex digit can represent 4 bits in total.


If you needed to use a generated token in a URL, then the token_urlsafe is for you. This will return a random string which is URL safe as it is Base64 encoded, making this function perfect for use in temporary URL's.

secrets.token_urlsafe(16)
# 'DfpKRcWH50lOVjllN4t2ww'
Enter fullscreen mode Exit fullscreen mode

Note that;

You don't actually have to pass in an integer argument, the functions are assigned a default value, which as of April 2021 is 32 bytes. This is so that any strings generated are cryptographically secure in terms of todays hardware. This means that this number might change in the future as hardware becomes more powerful and affordable. In any programs which require high security, always use a higher number of bits as that would make it much harder for someone to try and brute-force their way into your system.

An extended example

The secrets module also contains a few other functions such as choice, randbelow and randbits which perform similar operations to their counterparts in the standard random module, but with higher security measures.

One of the most popular uses of the secret module is to generate passwords, and you can also generate secure passwords with certain conditions such as:

  1. The length has to be 12 characters
  2. There must be at least 1 uppercase character
  3. There must be at least 1 lowercase character
  4. There must be at least 1 number
  5. There must be 1 special character

Final thoughts

If you want any more information, then here is a link to the official documentation on the secrets module. If you had any other questions then feel free to comment down below.

Thank you for reading! 💖

Discussion (0)