1 files changed, 3 insertions, 1 deletions

diff --git a/keystoneclient/session.py b/keystoneclient/session.py
index 9faedac..d55b01b 100644
--- a/keystoneclient/session.py
+++ b/keystoneclient/session.py
@@ -171,7 +171,9 @@ class Session(object):
         secure_headers = ('authorization', 'x-auth-token',
                           'x-subject-token', 'x-service-token')
         if header[0].lower() in secure_headers:
-            token_hasher = hashlib.sha1()
+            # hashlib.sha1() bandit nosec, as it is HMAC-SHA1 in
+            # keystone, which is considered secure (unlike just sha1)
+            token_hasher = hashlib.sha1()  # nosec(lhinds)
             token_hasher.update(header[1].encode('utf-8'))
             token_hash = token_hasher.hexdigest()
             return (header[0], '{SHA1}%s' % token_hash)