Skip to main content

Import a token

Add a token through import

Vault allows users to store Pangea API tokens as a special type of secret in the Vault service. Unlike regular secrets, Pangea API tokens can be configured with an automated rotation policy, which will generate a new Pangea API token, with the same permissions, on a defined interval.

Only one Vault item can point to a Pangea API token, meaning two entries in the Vault cannot be created to point to the same token. Additionally, a Pangea API token from another project may not be stored in a Vault configured in a different project.


A Pangea API token may only be imported via API. However, in the Vault UI, a Pangea API token may be generated as well. This capability is not available via API.

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from import Vault

def import_token(token_name, token):
token = os.getenv("PANGEA_VAULT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
vault = Vault(token, config=config)
token_id = None

# store a token
create_response = vault.pangea_token_store(token, token_name)
token_id =

except pe.PangeaAPIException as e:
print(f"Vault Request Error: {e.response.summary}")
for err in e.errors:
print(f"\t{err.detail} \n")

return token_id

Was this article helpful?

Contact us