Vault is a library for interacting with secrets stored in the Robocorp Control Room Vault (by default) or file-based secrets, which can be taken into use by setting some environment variables.
Robocorp Vault relies on environment variables, which are normally set automatically by the Robocorp Work Agent or Assistant when a run is initialized by the Robocorp Control Room. When developing robots locally in VSCode, you can use the Robocorp Code Extension to set these variables automatically as well.
Alternatively, you may set these environment variable manually using rcc or directly in some other fashion. The specific variables which must exist are:
- RC_API_SECRET_HOST: URL to Robocorp Vault API
- RC_API_SECRET_TOKEN: API Token for Robocorp Vault API
- RC_WORKSPACE_ID: Control Room Workspace ID
File-based secrets can be set by defining two environment variables.
- RPA_SECRET_MANAGER: RPA.Robocorp.Vault.FileSecrets
- RPA_SECRET_FILE: Absolute path to the secrets database file
Example content of local secrets file:
{ "swaglabs": { "username": "standard_user", "password": "secret_sauce" } }
OR
swaglabs:
username: standard_user
password: secret_sauce
Examples of Using Secrets in a Robot
Robot Framework
*** Settings ***
Library Collections
Library RPA.Robocorp.Vault
*** Tasks ***
Reading secrets
${secret}= Get Secret swaglabs
Log Many ${secret}
Modifying secrets
${secret}= Get Secret swaglabs
${level}= Set Log Level NONE
Set To Dictionary ${secret} username nobody
Set Log Level ${level}
Set Secret ${secret}
Python
from RPA.Robocorp.Vault import Vault
VAULT = Vault()
def reading_secrets():
print(f"My secrets: {VAULT.get_secret('swaglabs')}")
def modifying_secrets():
secret = VAULT.get_secret("swaglabs")
secret["username"] = "nobody"
VAULT.set_secret(secret)
Importing
The selected adapter can be set with the environment variable RPA_SECRET_MANAGER, or the keyword argument default_adapter. Defaults to Robocorp Vault if not defined.
All other library arguments are passed to the adapter.
param default_adapter: | |
---|---|
Override default secret adapter |