Right now secrets module uses SystemRandom which is hardcoded to use os.urandom() which is fine for most users but some have good hardware sources of entropy (or otherwise replenish entropy pool) in which case it would be much better to use getrandom() with GRND_RANDOM flag i.e. to read from /dev/random pool.

Simply subclassing SystemRandom is not enough, the idea is to make it possible for every library and program to use the big entropy pool if it's available. So I'm thinking it would be best to configure it with an environment variable, something like PYTHONTRUERANDOM or PYTHONDEVRANDOM.

Admittedly, only a small subset of users would benefit from this but changes required are also small and I'm willing to do all the work here. Are there any reason this patch won't be accepted? Any preferences regarding variable name?