Vault is a library for interacting with secrets stored in the Robocorp Control Room Vault (the default) or in file-based secrets, which are enabled by setting some environment variables.

Robocorp Vault relies on environment variables, which are normally set automatically by the Robocorp Work Agent or Assistant when a run is initialized by the Robocorp Control Room. When developing robots locally in VSCode, you can use the Robocorp Code Extension to set these variables automatically as well.

Alternatively, you may set these environment variables manually using rcc or directly in some other fashion. The specific variables which must exist are:

  • RC_API_SECRET_HOST: URL to Robocorp Vault API
  • RC_API_SECRET_TOKEN: API Token for Robocorp Vault API
  • RC_WORKSPACE_ID: Control Room Workspace ID

File-based secrets are enabled by defining two environment variables:

  • RPA_SECRET_MANAGER: RPA.Robocorp.Vault.FileSecrets
  • RPA_SECRET_FILE: Absolute path to the secrets database file

Example content of local secrets file:

{
    "swaglabs": {
        "username": "standard_user",
        "password": "secret_sauce"
    }
}

OR

swaglabs:
    username: standard_user
    password: secret_sauce
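
A preflight check for the two configurations described above, as an added example that is not part of RPA.Robocorp.Vault or the original page. The names `check_vault_env` and `demo` are hypothetical, and the owner-only file mode it expects is this example's assumption; the library itself is not stated to enforce it.

```python
import json
import os
import stat
import tempfile

# Variable names and the FileSecrets value come from the page; the checks are
# this example's assumptions, not behaviour of RPA.Robocorp.Vault itself.
CONTROL_ROOM_VARS = ("RC_API_SECRET_HOST", "RC_API_SECRET_TOKEN", "RC_WORKSPACE_ID")
FILE_MANAGER = "RPA.Robocorp.Vault.FileSecrets"


def check_vault_env(env):
    """Return a list of problems found in the Vault settings held in `env`."""
    if env.get("RPA_SECRET_MANAGER") != FILE_MANAGER:
        # Simplification: any other value is treated as the Control Room default.
        return [f"missing {name}" for name in CONTROL_ROOM_VARS if not env.get(name)]
    path = env.get("RPA_SECRET_FILE", "")
    if not os.path.isabs(path):
        return ["RPA_SECRET_FILE must be an absolute path"]
    if not os.path.isfile(path):
        return ["RPA_SECRET_FILE does not exist"]
    problems = []
    # Plaintext credentials on disk should be limited to the owning user.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("secrets file is accessible to group or others")
    if path.endswith(".json"):  # the YAML form is not parsed here (stdlib only)
        try:
            with open(path, encoding="utf-8") as handle:
                data = json.load(handle)
        except ValueError:
            return problems + ["secrets file is not valid JSON"]
        if not isinstance(data, dict) or not all(isinstance(v, dict) for v in data.values()):
            problems.append("expected a mapping of secret name to key/value pairs")
    return problems


def demo():
    """Check a constructed secrets file before and after tightening its mode."""
    sample = {"swaglabs": {"username": "standard_user", "password": "secret_sauce"}}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "secrets.json")
        with open(path, "w", encoding="utf-8") as handle:
            json.dump(sample, handle)
        env = {"RPA_SECRET_MANAGER": FILE_MANAGER, "RPA_SECRET_FILE": path}
        os.chmod(path, 0o644)
        loose = check_vault_env(env)
        os.chmod(path, 0o600)
        tight = check_vault_env(env)
    return loose, tight
```

Calling `check_vault_env(os.environ)` at the start of a local run reports a missing variable or a loosely permissioned secrets file before the robot requests its first secret.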

Examples of Using Secrets in a Robot

Robot Framework

*** Settings ***
Library    Collections
Library    RPA.Robocorp.Vault

*** Tasks ***
Reading secrets
    ${secret}=    Get Secret  swaglabs
    Log Many      ${secret}

Modifying secrets
    ${secret}=          Get Secret      swaglabs
    ${level}=           Set Log Level   NONE
    Set To Dictionary   ${secret}       username    nobody
    Set Log Level       ${level}
    Set Secret          ${secret}

Python

from RPA.Robocorp.Vault import Vault

VAULT = Vault()

def reading_secrets():
    print(f"My secrets: {VAULT.get_secret('swaglabs')}")

def modifying_secrets():
    secret = VAULT.get_secret("swaglabs")
    secret["username"] = "nobody"
    VAULT.set_secret(secret)  # write the change back through the same Vault instance