🔒 Python 2.7/3.X client for HashiCorp Vault
Clone or download
jeffwecan Bump Vault Versions - Vault v1.0.0 (#344)
* fix TOXENV for 3.6 jobs

* Drop v0.8.3, add v1.0.0

* Update readme

* Handle different response keys in Vault v1.0.0

* Also work around new list response return type

* Add get_generate_root_otp utils method for v1.0.0 and/or previous vers

* Update missed TOXENV arg under allow_failures dict

* Call out why v0.11.0 is hanging about

* Clarify name/purpose of vault ver comparison methods
Latest commit efcdb96 Dec 3, 2018



HashiCorp Vault API client for Python 2.7/3.x

Travis CI codecov Documentation Status PyPI version

Tested against the latest release, HEAD ref, and 3 previous major versions (counting back from the latest release) of Vault. Currently supports Vault v0.9.6 or later.


Documentation for this module is hosted on readthedocs.io.

Getting started


pip install hvac


pip install "hvac[parser]"

if you would like to be able to return parsed HCL data as a Python dict for methods that support it.

Initialize the client

import os

import hvac

# Using plaintext
client = hvac.Client()
client = hvac.Client(url='http://localhost:8200')
client = hvac.Client(url='http://localhost:8200', token=os.environ['VAULT_TOKEN'])

# Using TLS
client = hvac.Client(url='https://localhost:8200')

# Using TLS with client-side certificate authentication
client = hvac.Client(url='https://localhost:8200', cert=('path/to/cert.pem', 'path/to/key.pem'))

# Using Namespace
client = hvac.Client(url='http://localhost:8200', token=os.environ['VAULT_TOKEN'], namespace=os.environ['VAULT_NAMESPACE'])

Read and write to secret backends

client.write('secret/foo', baz='bar', lease='1h')



Authenticate using token auth backend

# Token
client.token = 'MY_TOKEN'
assert client.is_authenticated() # => True