diff --git a/code/src/com/sixsq/nuvla/server/resources/common/utils.clj b/code/src/com/sixsq/nuvla/server/resources/common/utils.clj
index dd30419f7..3a749c8f4 100644
--- a/code/src/com/sixsq/nuvla/server/resources/common/utils.clj
+++ b/code/src/com/sixsq/nuvla/server/resources/common/utils.clj
@@ -148,6 +148,10 @@
        (secure-rand-int)
        (+ min))))
 
+(defn secure-rand-nth
+  [coll]
+  (nth coll (secure-rand-int (count coll))))
+
 
 ;;
 ;; utilities for handling common attributes
diff --git a/code/src/com/sixsq/nuvla/server/resources/credential/key_utils.clj b/code/src/com/sixsq/nuvla/server/resources/credential/key_utils.clj
index 6eda2ef2f..bacb3d997 100644
--- a/code/src/com/sixsq/nuvla/server/resources/credential/key_utils.clj
+++ b/code/src/com/sixsq/nuvla/server/resources/credential/key_utils.clj
@@ -1,6 +1,7 @@
 (ns com.sixsq.nuvla.server.resources.credential.key-utils
   (:require
     [buddy.hashers :as hashers]
+    [com.sixsq.nuvla.server.resources.common.utils :as u]
     [clojure.string :as str])
   (:import (java.io ByteArrayOutputStream DataOutputStream StringWriter)
            (java.security KeyPairGenerator)
@@ -50,7 +51,7 @@
   "Generates a random string to act as a secret API key and then returns a
    tuple with that string and its digest value."
   []
-  (let [secret (->> (repeatedly #(rand-nth secret-chars))
+  (let [secret (->> (repeatedly #(u/secure-rand-nth secret-chars))
                     (sequence secret-xform)
                     (str/join "."))]
     [secret (digest secret)]))