Python API
Secrets
- class RPA.Robocorp.Vault.BaseSecretManager
Bases:
object
Abstract class for secrets management. Should be used as a base-class for any adapter implementation.
- abstract get_secret(secret_name)
Return
Secret
object with given name.
- class RPA.Robocorp.Vault.FileSecrets(secret_file='secrets.json')
Bases:
BaseSecretManager
Adapter for secrets stored in a database file. Supports only plaintext secrets, and should be used mainly for debugging.
The path to the secrets file can be set with the environment variable
RPA_SECRET_FILE
, or as an argument to the library.The format of the secrets file should be one of the following:
{ "name1": { "key1": "value1", "key2": "value2" }, "name2": { "key1": "value1" } }
OR
name1: key1: value1 key2: value2 name2: key1: value1
- SERIALIZERS = {'.json': (<function load>, <function dump>), '.yaml': (<function full_load>, <function dump>)}
- get_secret(secret_name)
Get secret defined with given name from file.
- Parameters
secret_name – Name of secret to fetch
- Returns
Secret object
- Raises
KeyError – No secret with given name
- load()
Load secrets file.
- save()
Save the secrets content to disk.
- class RPA.Robocorp.Vault.RobocorpVault(*args, **kwargs)
Bases:
BaseSecretManager
Adapter for secrets stored in Robocorp Vault.
The following environment variables should exist:
RC_API_SECRET_HOST: URL to Robocorp Secrets API
RC_API_SECRET_TOKEN: API token with access to Robocorp Secrets API
RC_WORKSPACE_ID: Robocorp Workspace ID
If the robot run is started from the Robocorp Control Room these environment variables will be configured automatically.
- ENCRYPTION_SCHEME = 'robocloud-vault-transit-v2'
- create_public_key_url()
Create a URL for encryption public key.
- create_secret_url(name)
Create a URL for a specific secret.
- get_publickey() bytes
Get the public key for AES encryption with the existing token.
- get_secret(secret_name)
Get secret defined with given name from Robocorp Vault.
- Parameters
secret_name – Name of secret to fetch
- Returns
Secret object
- Raises
RobocorpVaultError – Error with API request or response payload
- property headers
Default request headers.
- property params
Default request parameters.
- set_secret(secret: Secret) None
Set the secret value in the Vault. Note that the secret possibly consists of multiple key-value pairs, which will all be overwritten with the values given here. So don’t try to update only one item of the secret, update all of them.
- Parameters
secret – A
Secret
object
- exception RPA.Robocorp.Vault.RobocorpVaultError
Bases:
RuntimeError
Raised when there’s problem with reading from Robocorp Vault.
- args
- with_traceback()
Exception.with_traceback(tb) – set self.__traceback__ to tb and return self.
- class RPA.Robocorp.Vault.Secret(name, description, values)
Bases:
Mapping
Container for a secret with name, description, and multiple key-value pairs. Immutable and avoids logging internal values when possible.
- Parameters
name – Name of secret
description – Human-friendly description for secret
values – Dictionary of key-value pairs stored in secret
- property description
- get(k[, d]) D[k] if k in D, else d. d defaults to None.
- items() a set-like object providing a view on D's items
- keys() a set-like object providing a view on D's keys
- property name
- update(kvpairs)
- values() an object providing a view on D's values
- class RPA.Robocorp.Vault.Vault(*args, **kwargs)
Bases:
object
Vault is a library for interacting with secrets stored in the Robocorp Control Room Vault (by default) or file-based secrets, which can be taken into use by setting some environment variables.
Robocorp Vault relies on environment variables, which are normally set automatically by the Robocorp Work Agent or Assistant when a run is initialized by the Robocorp Control Room. When developing robots locally in VSCode, you can use the Robocorp Code Extension to set these variables automatically as well.
Alternatively, you may set these environment variable manually using rcc or directly in some other fashion. The specific variables which must exist are:
RC_API_SECRET_HOST
: URL to Robocorp Vault APIRC_API_SECRET_TOKEN
: API Token for Robocorp Vault APIRC_WORKSPACE_ID
: Control Room Workspace ID
File-based secrets can be set by defining two environment variables.
RPA_SECRET_MANAGER
: RPA.Robocorp.Vault.FileSecretsRPA_SECRET_FILE
: Absolute path to the secrets database file
Example content of local secrets file:
{ "swaglabs": { "username": "standard_user", "password": "secret_sauce" } }
OR
swaglabs: username: standard_user password: secret_sauce
Examples of Using Secrets in a Robot
Robot Framework
*** Settings *** Library Collections Library RPA.Robocorp.Vault *** Tasks *** Reading secrets ${secret}= Get Secret swaglabs Log Many ${secret} Modifying secrets ${secret}= Get Secret swaglabs ${level}= Set Log Level NONE Set To Dictionary ${secret} username nobody Set Log Level ${level} Set Secret ${secret}
Python
from RPA.Robocorp.Vault import Vault VAULT = Vault() def reading_secrets(): print(f"My secrets: {VAULT.get_secret('swaglabs')}") def modifying_secrets(): secret = VAULT.get_secret("swaglabs") secret["username"] = "nobody" VAULT.set_secret(secret)
- ROBOT_LIBRARY_DOC_FORMAT = 'REST'
- ROBOT_LIBRARY_SCOPE = 'GLOBAL'
- property adapter