Robocorp Vault

1.4.0 · active · verified Mon Apr 13

Robocorp Vault is a Python library that provides an API for securely accessing secrets stored in the Robocorp Control Room Vault. It allows bots and assistants to retrieve sensitive information like usernames, passwords, and API keys. The library is part of the larger Robocorp ecosystem, offering a stable interface, with releases occurring as needed to support platform updates or introduce new features.

Warnings

gotcha The `robocorp-vault` library is designed to operate within a Robocorp execution environment (e.g., a Robocorp Task or Action). When running code locally outside this environment, you must manually configure specific environment variables (`RC_API_SECRET_HOST`, `RC_API_SECRET_TOKEN`, or `ROBOCORP_WORKITEM_STATE`) to enable communication with your Control Room Vault. Without these, `get_secret` calls will likely fail.
Fix: For local development, refer to Robocorp's documentation on local setup and secret access. Ensure required environment variables are correctly set or use the Robocorp Lab/VS Code extension's local run features which handle this automatically.
gotcha Attempting to retrieve a secret that does not exist or whose name is misspelled will raise a `robocorp.vault.SecretNotFound` exception. This can lead to unhandled crashes if not properly anticipated.
Fix: Always wrap `get_secret()` calls in a `try...except SecretNotFound:` block to gracefully handle missing secrets. Verify secret names against your Control Room Vault settings.
gotcha Sensitive secret values (like passwords) should never be logged directly to console output, work item logs, or external systems, as this defeats the purpose of secure secret management. While `secret.password` and `secret.value` provide access to the data, exercise extreme caution.
Fix: When debugging or indicating secret usage, use placeholder text or print only non-sensitive metadata (e.g., `secret.name`, `secret.description`). Avoid direct output of `secret.password` or `secret.value`.

Install

pip install robocorp-vault Install robocorp-vault

Imports

get_secret
```
from robocorp.vault import get_secret
```
The library's internal package name is `robocorp.vault`, not `robocorp_vault`.
SecretNotFound
```
from robocorp.vault import SecretNotFound
```
Import this exception to handle cases where a requested secret does not exist.
get_secret_names
```
from robocorp.vault import get_secret_names
```
Useful for listing available secret names, especially for debugging or dynamic access.

Quickstart

This quickstart demonstrates how to fetch a secret from the Robocorp Control Room Vault. It highlights accessing common attributes like `username` and `value`. Note that `robocorp-vault` is designed to run within a Robocorp environment, which automatically provides the necessary authentication context. For local development, specific environment variables must be configured to connect to your vault.

import os
from robocorp.vault import get_secret, SecretNotFound

# This example demonstrates how to retrieve a secret using robocorp-vault.
# It requires a Robocorp environment (e.g., running within a Robocorp Task
# or locally with appropriate environment variables like RC_API_SECRET_HOST
# and RC_API_SECRET_TOKEN set to connect to your Control Room Vault).

def access_my_example_secret():
    secret_name = "MyTestSecret" # Replace with an actual secret name from your Control Room
    print(f"Attempting to retrieve secret: '{secret_name}'")
    try:
        # The get_secret function internally handles authentication using the
        # Robocorp environment context or configured API access details.
        secret = get_secret(secret_name)
        print(f"Successfully retrieved secret: {secret_name}")
        print(f"  Username: {secret.username}")
        # For security, avoid printing raw passwords or sensitive values directly to logs.
        # print(f"  Password: {secret.password}")
        if secret.value:
            print(f"  Generic Value (first 5 chars): {secret.value[:5]}...")
        else:
            print("  This secret does not have a generic 'value'.")
    except SecretNotFound:
        print(f"Error: Secret '{secret_name}' not found. "
              "Please ensure it exists in your Robocorp Control Room Vault "
              "and the bot/robot has access permissions.")
    except Exception as e:
        print(f"An unexpected error occurred while accessing the vault: {e}")

if __name__ == "__main__":
    # Simulate environment check for local execution.
    # In a real Robocorp run, these environment variables are automatically set.
    if not os.environ.get("RC_API_SECRET_HOST") and not os.environ.get("ROBOCORP_WORKITEM_STATE"):
        print("\n--- Local Execution Warning --- ")
        print("Running outside a Robocorp environment. Secret retrieval may fail.")
        print("To run locally, you need to configure RC_API_SECRET_HOST, RC_API_SECRET_TOKEN (or ROBOCORP_WORKITEM_STATE)")
        print("refer to Robocorp documentation for local testing secrets.")
        print("-------------------------------\n")

    access_my_example_secret()

view raw JSON →