Vault is a library for interacting with secrets stored in Robocorp Vault (by default) or file-based secrets, which can be taken into use by setting some environment variables.

Robocorp Vault works together with Robocorp Worker or Robocorp CLI (RCC). The following three environment variables need to exist, and are set by Robocorp Worker automatically and can be set manually with Robocorp CLI.

  • RC_API_SECRET_HOST: URL to Robocorp Vault API
  • RC_API_SECRET_TOKEN: API Token for Robocorp Vault API
  • RC_WORKSPACE_ID: Control Room Workspace ID

File-based secrets can be set by defining two environment variables.

  • RPA_SECRET_MANAGER: RPA.Robocorp.Vault.FileSecrets
  • RPA_SECRET_FILE: Absolute path to the secrets database file

Example content of local secrets file:

    "swaglabs": {
        "username": "standard_user",
        "password": "secret_sauce"


    username: standard_user
    password: secret_sauce


Robot Framework

*** Settings ***
Library    Collections
Library    RPA.Robocorp.Vault

*** Tasks ***
Reading secrets
    ${secret}=    Get Secret  swaglabs
    Log Many      ${secret}

Modifying secrets
    ${secret}=          Get Secret      swaglabs
    ${level}=           Set Log Level   NONE
    Set To Dictionary   ${secret}       username    nobody
    Set Log Level       ${level}
    Set Secret          ${secret}


from RPA.Robocorp.Vault import Vault

VAULT = Vault()

def reading_secrets():
    print(f"My secrets: {VAULT.get_secret('swaglabs')}")

def modifying_secrets():
    secret = VAULT.get_secret("swaglabs")
    secret["username"] = "nobody"