Vault | Python SDK
Asymmetric generate
Vault.asymmetric_generate(algorithm, purpose, name, folder, metadata, tags, rotation_frequency, rotation_state, expiration)Generate an asymmetric key
response = vault.asymmetric_generate(
algorithm=AsymmetricAlgorithm.RSA,
purpose=KeyPurpose.SIGNING,
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
expiration="2025-01-01T10:00:00Z",
)
Asymmetric store
Vault.asymmetric_store(private_key, public_key, algorithm, purpose, name, folder, metadata, tags, rotation_frequency, rotation_state, expiration)Import an asymmetric key
response = vault.asymmetric_store(
private_key="private key example",
public_key="-----BEGIN PUBLIC KEY-----\nMCowBQYDK2VwAyEA8s5JopbEPGBylPBcMK+L5PqHMqPJW/5KYPgBHzZGncc=\n-----END PUBLIC KEY-----",
algorithm=AsymmetricAlgorithm.RSA,
purpose=KeyPurpose.SIGNING,
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
expiration="2025-01-01T10:00:00Z",
)
Decrypt
Vault.decrypt(id, cipher_text, version)Decrypt a message using a key
response = vault.decrypt(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
cipher_text="lJkk0gCLux+Q+rPNqLPEYw==",
version=1,
)
Decrypt structured
Vault.decrypt_structured(id, structured_data, filter, version, additional_data)Decrypt parts of a JSON object.
data = {"field1": [1, 2, "kxcbC9E9IlgVaSCChPWUMgUC3ko=", "6FfI/LCzatLRLNAc8SuBK/TDnGxp"], "field2": "data2"}
response = vault.decrypt_structured(
id="pvi_[...]",
structured_data=data,
filter="$.field1[2:4]"
)
Delete
Vault.delete(id)Delete a secret or key
vault.delete(id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5")
download-file
Vault.download_file()Encrypt
Vault.encrypt(id, plain_text, version)Encrypt a message using a key
response = vault.encrypt(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
plain_text="lJkk0gCLux+Q+rPNqLPEYw==",
version=1,
)
Encrypt structured
Vault.encrypt_structured(id, structured_data, filter, version, additional_data)Encrypt parts of a JSON object.
data = {"field1": [1, 2, "true", "false"], "field2": "data2"}
response = vault.encrypt_structured(
id="pvi_[...]",
structured_data=data,
filter="$.field1[2:4]"
)
Create
Vault.folder_create(name, folder, metadata, tags)Creates a folder
response = vault.folder_create(
name="folder_name",
folder="parent/folder/name",
)
Retrieve
Vault.get(id, version, version_state, verbose)Retrieve a secret or key, and any associated information
response = vault.get(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
version=1,
version_state=ItemVersionState.ACTIVE,
verbose=True,
)
JWT Retrieve
Vault.jwk_get(id, version)Retrieve a key in JWK format
response = vault.jwk_get(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
)
JWT Sign
Vault.jwt_sign(id, payload)Sign a JSON Web Token (JWT) using a key
response = vault.jwt_sign(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
payload="{\"sub\": \"1234567890\",\"name\": \"John Doe\",\"admin\": true}"
)
JWT Verify
Vault.jwt_verify(jws)Verify the signature of a JSON Web Token (JWT)
response = vault.jwt_verify(
jws="ewogICJhbGciO...",
)
Key rotate
Vault.key_rotate(id, rotation_state, public_key, private_key, key)Manually rotate a symmetric or asymmetric key
response = vault.key_rotate(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
rotation_state=ItemVersionState.DEACTIVATED,
key="lJkk0gCLux+Q+rPNqLPEYw==",
)
List
Vault.list(filter, last, order, order_by, size)Look up a list of secrets, keys and folders, and their associated information
response = vault.list(
filter={
"folder": "/",
"type": "asymmetric_key",
"name__contains": "test",
"metadata_key1": "value1",
"created_at__lt": "2023-12-12T00:00:00Z"
},
last="WyIvdGVzdF8yMDdfc3ltbWV0cmljLyJd",
order=ItemOrder.ASC,
order_by=ItemOrderBy.NAME,
size=20,
)
Token rotate
Vault.pangea_token_rotate(id)Rotate a Pangea token
response = vault.pangea_token_rotate(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
)
Pangea token store
Vault.pangea_token_store(pangea_token, name, folder, metadata, tags, rotation_frequency, rotation_state, expiration)Import a secret
response = vault.pangea_token_store(
pangea_token="ptv_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd",
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
expiration="2025-01-01T10:00:00Z",
)
Poll result
Vault.poll_result(exception)Returns request's result that has been accepted by the server
response = service.poll_result(exception)
Secret rotate
Vault.secret_rotate(id, secret, rotation_state)Rotate a secret
response = vault.secret_rotate(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
secret="12sdfgs4543qv@#%$casd",
rotation_state=ItemVersionState.DEACTIVATED,
)
Secret store
Vault.secret_store(secret, name, folder, metadata, tags, rotation_frequency, rotation_state, expiration)Import a secret
response = vault.secret_store(
secret="12sdfgs4543qv@#%$casd",
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
expiration="2025-01-01T10:00:00Z",
)
Sign
Vault.sign(id, message, version)Sign a message using a key
response = vault.sign(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
message="lJkk0gCLux+Q+rPNqLPEYw==",
version=1,
)
State change
Vault.state_change(id, state, version, destroy_period)Change the state of a specific version of a secret or key
response = vault.state_change(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
state=ItemVersionState.DEACTIVATED,
)
Symmetric generate
Vault.symmetric_generate(algorithm, purpose, name, folder, metadata, tags, rotation_frequency, rotation_state, expiration)Generate a symmetric key
response = vault.symmetric_generate(
algorithm=SymmetricAlgorithm.AES,
purpose=KeyPurpose.ENCRYPTION,
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
expiration="2025-01-01T10:00:00Z",
)
Symmetric store
Vault.symmetric_store(key, algorithm, purpose, name, folder, metadata, tags, rotation_frequency, rotation_state, expiration)Import a symmetric key
response = vault.symmetric_store(
key="lJkk0gCLux+Q+rPNqLPEYw==",
algorithm=SymmetricAlgorithm.AES,
purpose=KeyPurpose.ENCRYPTION,
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
expiration="2025-01-01T10:00:00Z",
)
Update
Vault.update(id, name, folder, metadata, tags, rotation_frequency, rotation_state, rotation_grace_period, expiration, item_state)Update information associated with a secret or key.
response = vault.update(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
name="my-very-secret-secret",
folder="/personal",
metadata={
"created_by": "John Doe",
"used_in": "Google products"
},
tags=[
"irs_2023",
"personal"
],
rotation_frequency="10d",
rotation_state=ItemVersionState.DEACTIVATED,
rotation_grace_period="1d",
expiration="2025-01-01T10:00:00Z",
item_state=ItemState.DISABLED,
)
Verify
Vault.verify(id, message, signature, version)Verify a signature using a key
response = vault.verify(
id="pvi_p6g5i3gtbvqvc3u6zugab6qs6r63tqf5",
message="lJkk0gCLux+Q+rPNqLPEYw==",
signature="FfWuT2Mq/+cxa7wIugfhzi7ktZxVf926idJNgBDCysF/knY9B7M6wxqHMMPDEBs86D8OsEGuED21y3J7IGOpCQ==",
version=1,
)