diff --git a/changelogs/fragments/replace-random-with-secrets.yml b/changelogs/fragments/replace-random-with-secrets.yml
new file mode 100644
index 0000000000..b82e59e7e9
--- /dev/null
+++ b/changelogs/fragments/replace-random-with-secrets.yml
@@ -0,0 +1,4 @@
+bugfixes:
+  - random_string lookup plugin - replace ``random.SystemRandom()`` with ``secrets.SystemRandom()`` when
+    generating strings. This has no practical effect, as both are the same
+    (https://github.com/ansible-collections/community.general/pull/10893).
diff --git a/plugins/lookup/random_string.py b/plugins/lookup/random_string.py
index bd72916d92..e1003efeda 100644
--- a/plugins/lookup/random_string.py
+++ b/plugins/lookup/random_string.py
@@ -16,7 +16,7 @@ short_description: Generates random string
 version_added: '3.2.0'
 description:
   - Generates random string based upon the given constraints.
-  - Uses L(random.SystemRandom,https://docs.python.org/3/library/random.html#random.SystemRandom), so should be strong enough
+  - Uses L(secrets.SystemRandom,https://docs.python.org/3/library/secrets.html#secrets.SystemRandom), so should be strong enough
     for cryptographic purposes.
 options:
   length:
@@ -149,6 +149,7 @@ _raw:
 
 import base64
 import random
+import secrets
 import string
 
 from ansible.errors import AnsibleLookupError
@@ -178,7 +179,7 @@ class LookupModule(LookupBase):
         lower_chars = string.ascii_lowercase
         upper_chars = string.ascii_uppercase
         special_chars = string.punctuation
-        random_generator = random.SystemRandom()
+        random_generator = secrets.SystemRandom()
 
         self.set_options(var_options=variables, direct=kwargs)