# secrets module

**Purpose**

The secrets module is designed for cryptographically secure random number generation, specifically for security-sensitive use cases such as:

* Authentication tokens
* Password reset links
* API keys
* Session identifiers
* CSRF tokens

It provides higher security guarantees than the random module by relying on the operating system’s cryptographically strong entropy sources.

| Aspect               | `random`                  | `secrets`                  |
| -------------------- | ------------------------- | -------------------------- |
| Security             | ❌ Not secure              | ✅ Cryptographically secure |
| Predictability       | Predictable if seed known | Unpredictable              |
| Use case             | Simulations, games        | Tokens, passwords, keys    |
| Backed by OS entropy | ❌                         | ✅                          |


### secrets.token_bytes(nbytes=32)

Generates random bytes suitable for cryptographic use.

In [5]:
import secrets
import os

In [6]:
token = secrets.token_bytes(32)
token1 = secrets.token_hex(32)
token2 = secrets.token_urlsafe(32)

In [7]:
print(token.hex())
print(token1)
print(token2)

878371db651807b33dec01c0abaabe974c3d611f547fcfb6a6d9cdeddc7b76f4
bc9758d792b1465b01f301a4a9f5af653bb69b1bc4fe1eb95fc3956bb6e011bc
RJeF_Gobf07KuilhqWVsKUD6z-KFBOBLNiATxs-5qcU


### secrets.choice(sequence)

In [8]:
import string

alphabet = string.ascii_letters + string.digits
password = secrets.choice(alphabet)
"".join([secrets.choice(alphabet) for _ in range(12)])

'5Tvr6pNRGULp'

**hmac:** Provides message authentication by combining a secret key with a hash function to verify data integrity and authenticity.

**hashlib:** Generates cryptographic hash digests for data integrity, fingerprinting, and secure password derivation (without authentication by itself).

**secrets:** Generates cryptographically secure random values for tokens, passwords, and sensitive security-related data.