{"id":5459,"library":"robocorp-vault","title":"Robocorp Vault","description":"Robocorp Vault is a Python library that provides an API for securely accessing secrets stored in the Robocorp Control Room Vault. It allows bots and assistants to retrieve sensitive information like usernames, passwords, and API keys. The library is part of the larger Robocorp ecosystem, offering a stable interface, with releases occurring as needed to support platform updates or introduce new features.","status":"active","version":"1.4.0","language":"en","source_language":"en","source_url":"https://github.com/robocorp/robocorp/","tags":["robocorp","secrets","vault","automation","RPA"],"install":[{"cmd":"pip install robocorp-vault","lang":"bash","label":"Install robocorp-vault"}],"dependencies":[],"imports":[{"note":"The library's internal package name is `robocorp.vault`, not `robocorp_vault`.","wrong":"from robocorp_vault import get_secret","symbol":"get_secret","correct":"from robocorp.vault import get_secret"},{"note":"Import this exception to handle cases where a requested secret does not exist.","symbol":"SecretNotFound","correct":"from robocorp.vault import SecretNotFound"},{"note":"Useful for listing available secret names, especially for debugging or dynamic access.","symbol":"get_secret_names","correct":"from robocorp.vault import get_secret_names"}],"quickstart":{"code":"import os\nfrom robocorp.vault import get_secret, SecretNotFound\n\n# This example demonstrates how to retrieve a secret using robocorp-vault.\n# It requires a Robocorp environment (e.g., running within a Robocorp Task\n# or locally with appropriate environment variables like RC_API_SECRET_HOST\n# and RC_API_SECRET_TOKEN set to connect to your Control Room Vault).\n\ndef access_my_example_secret():\n    secret_name = \"MyTestSecret\" # Replace with an actual secret name from your Control Room\n    print(f\"Attempting to retrieve secret: '{secret_name}'\")\n    try:\n        # The get_secret function internally handles authentication using the\n        # Robocorp environment context or configured API access details.\n        secret = get_secret(secret_name)\n        print(f\"Successfully retrieved secret: {secret_name}\")\n        print(f\"  Username: {secret.username}\")\n        # For security, avoid printing raw passwords or sensitive values directly to logs.\n        # print(f\"  Password: {secret.password}\")\n        if secret.value:\n            print(f\"  Generic Value (first 5 chars): {secret.value[:5]}...\")\n        else:\n            print(\"  This secret does not have a generic 'value'.\")\n    except SecretNotFound:\n        print(f\"Error: Secret '{secret_name}' not found. \"\n              \"Please ensure it exists in your Robocorp Control Room Vault \"\n              \"and the bot/robot has access permissions.\")\n    except Exception as e:\n        print(f\"An unexpected error occurred while accessing the vault: {e}\")\n\nif __name__ == \"__main__\":\n    # Simulate environment check for local execution.\n    # In a real Robocorp run, these environment variables are automatically set.\n    if not os.environ.get(\"RC_API_SECRET_HOST\") and not os.environ.get(\"ROBOCORP_WORKITEM_STATE\"):\n        print(\"\\n--- Local Execution Warning --- \")\n        print(\"Running outside a Robocorp environment. Secret retrieval may fail.\")\n        print(\"To run locally, you need to configure RC_API_SECRET_HOST, RC_API_SECRET_TOKEN (or ROBOCORP_WORKITEM_STATE)\")\n        print(\"refer to Robocorp documentation for local testing secrets.\")\n        print(\"-------------------------------\\n\")\n\n    access_my_example_secret()","lang":"python","description":"This quickstart demonstrates how to fetch a secret from the Robocorp Control Room Vault. It highlights accessing common attributes like `username` and `value`. Note that `robocorp-vault` is designed to run within a Robocorp environment, which automatically provides the necessary authentication context. For local development, specific environment variables must be configured to connect to your vault."},"warnings":[{"fix":"For local development, refer to Robocorp's documentation on local setup and secret access. Ensure required environment variables are correctly set or use the Robocorp Lab/VS Code extension's local run features which handle this automatically.","message":"The `robocorp-vault` library is designed to operate within a Robocorp execution environment (e.g., a Robocorp Task or Action). When running code locally outside this environment, you must manually configure specific environment variables (`RC_API_SECRET_HOST`, `RC_API_SECRET_TOKEN`, or `ROBOCORP_WORKITEM_STATE`) to enable communication with your Control Room Vault. Without these, `get_secret` calls will likely fail.","severity":"gotcha","affected_versions":"All versions"},{"fix":"Always wrap `get_secret()` calls in a `try...except SecretNotFound:` block to gracefully handle missing secrets. Verify secret names against your Control Room Vault settings.","message":"Attempting to retrieve a secret that does not exist or whose name is misspelled will raise a `robocorp.vault.SecretNotFound` exception. This can lead to unhandled crashes if not properly anticipated.","severity":"gotcha","affected_versions":"All versions"},{"fix":"When debugging or indicating secret usage, use placeholder text or print only non-sensitive metadata (e.g., `secret.name`, `secret.description`). Avoid direct output of `secret.password` or `secret.value`.","message":"Sensitive secret values (like passwords) should never be logged directly to console output, work item logs, or external systems, as this defeats the purpose of secure secret management. While `secret.password` and `secret.value` provide access to the data, exercise extreme caution.","severity":"gotcha","affected_versions":"All versions"}],"env_vars":null,"last_verified":"2026-04-13T00:00:00.000Z","next_check":"2026-07-12T00:00:00.000Z"}