Skip to main content

Get a secret

Retrieve a secret

One of the key operations of a Vault is to retrieve secrets stored in the Vault for use by your application code. Using the secret manager to manage access to secrets rather than hard coding is a good way to minimize the risk of secret leakage and breaches.

import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault


def get_secret(secret_id: str) -> str:
token = os.getenv("PANGEA_VAULT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
vault = Vault(token, config=config)

try:
# If no version is specified, then the current version is returned.
response = vault.get(secret_id)
except pe.PangeaAPIException as e:
print(f"Vault Request Error: {e.response.summary}")
for err in e.errors:
print(f"\t{err.detail} \n")
else:
return response.result.current_version.secret

Get a specific secret version

In some cases, you may have more than one active version of a secret. You may want to retrieve metadata about the secret.


import os

import pangea.exceptions as pe
from pangea.config import PangeaConfig
from pangea.services import Vault


def get_secret_version(secret_id, version):
token = os.getenv("PANGEA_VAULT_TOKEN")
domain = os.getenv("PANGEA_DOMAIN")
config = PangeaConfig(domain=domain)
vault = Vault(token, config=config)

try:
# get specified version
response = vault.get(secret_id, version)
except pe.PangeaAPIException as e:
print(f"Vault Request Error: {e.response.summary}")
for err in e.errors:
print(f"\t{err.detail} \n")

# possible to return multiple versions
return response.result.versions[0].secret

Was this article helpful?

Contact us