diff --git a/changelogs/fragments/replace-random-with-secrets.yml b/changelogs/fragments/replace-random-with-secrets.yml
new file mode 100644
index 0000000000..b82e59e7e9
--- /dev/null
+++ b/changelogs/fragments/replace-random-with-secrets.yml
@@ -0,0 +1,4 @@
+bugfixes:
+ - random_string lookup plugin - replace ``random.SystemRandom()`` with ``secrets.SystemRandom()`` when
+ generating strings. This has no practical effect, as both are the same
+ (https://github.com/ansible-collections/community.general/pull/10893).
diff --git a/plugins/lookup/random_string.py b/plugins/lookup/random_string.py
index 881c13dab6..c74713fecc 100644
--- a/plugins/lookup/random_string.py
+++ b/plugins/lookup/random_string.py
@@ -16,7 +16,7 @@ short_description: Generates random string
 version_added: '3.2.0'
 description:
 - Generates random string based upon the given constraints.
- - Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom), so should be strong enough
+ - Uses L(secrets.SystemRandom,https://docs.python.org/3/library/secrets.html#secrets.SystemRandom), so should be strong enough
 for cryptographic purposes.
 options:
 length:
@@ -169,6 +169,7 @@ _raw:
 import base64
 import random
+import secrets
 import string
 from ansible.errors import AnsibleLookupError
@@ -209,7 +210,7 @@ class LookupModule(LookupBase):
 seed = self.get_option("seed")
 if seed is None:
- random_generator = random.SystemRandom()
+ random_generator = secrets.SystemRandom()
 else:
 random_generator = random.Random(seed)
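Review bot: The description's claim that the generator "should be strong enough for cryptographic purposes" is unconditional, but the last hunk of this file keeps `random_generator = random.Random(seed)` for the case where `seed` is set, and that path is a deterministic, non-cryptographic generator. I would qualify the sentence, for example `so should be strong enough for cryptographic purposes when O(seed) is not set.` The `seed` option's own description lies outside this hunk and may already say this; if it does, a short cross-reference here is enough.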
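Review bot: The `else:` branch is the security-relevant half of this choice and carries no comment: `random.Random(seed)` is reproducible from the seed, so any string generated there is only as secret as the seed itself. Since the changelog fragment states that `secrets.SystemRandom` and `random.SystemRandom` are the same, the new line changes spelling rather than strength, and a reader skimming the code could assume both branches are now hardened. A comment above the seeded line such as `# Seeded generator is deterministic by design; do not use its output as a secret.` would record the intent. The enclosing method starts and ends outside the hunk.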