[PR #10893/14a858fd backport][stable-11] random_string: replace random.SystemRandom() with secrets.SystemRandom() (#10894)

random_string: replace random.SystemRandom() with secrets.SystemRandom() (#10893) * random_string: replace random.SystemRandom() with secrets.SystemRandom() * add the forgotten blank line * Update changelogs/fragments/replace-random-with-secrets.yml * readd the description * Update changelogs/fragments/replace-random-with-secrets.yml --------- (cherry picked from commit 14a858fd9c) Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> Co-authored-by: Thomas Sjögren <konstruktoid@users.noreply.github.com> Co-authored-by: Felix Fontein <felix@fontein.de>
2026-03-26 21:33:12 +00:00 · 2025-10-10 19:15:21 +02:00
parent f0c18ec730
commit 8685d12996
2 changed files with 7 additions and 2 deletions
--- a/plugins/lookup/random_string.py
+++ b/plugins/lookup/random_string.py
@@ -16,7 +16,7 @@ short_description: Generates random string
 version_added: '3.2.0'
 description:
  - Generates random string based upon the given constraints.
-  - Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom), so should be strong enough
+  - Uses L(secrets.SystemRandom,https://docs.python.org/3/library/secrets.html#secrets.SystemRandom), so should be strong enough
    for cryptographic purposes.
 options:
  length:
@@ -169,6 +169,7 @@ _raw:

 import base64
 import random
+import secrets
 import string

 from ansible.errors import AnsibleLookupError
@@ -209,7 +210,7 @@ class LookupModule(LookupBase):
        seed = self.get_option("seed")

        if seed is None:
-            random_generator = random.SystemRandom()
+            random_generator = secrets.SystemRandom()
        else:
            random_generator = random.Random(seed)