This assumes you are familiar with the Python hvac client. If not, check out my article Hashicorp Vault - Getting Started with Python hvac.

This assumes the following has already been done.

• Hashicorp Vault has been installed
• Hashicorp Vault has been initialized
• Hashicorp Vault has been unsealed
• approle authentication has been enabled
• an approle role has been created with a role ID and secret ID

For example, let's say a role named my-role was created and the role ID is b4a68549-1464-7aac-b0cd-d22954985aa8.

~]$ vault read auth/approle/role/my-role/role-id
Key        Value
---        -----
role_id    b4a68549-1464-7aac-b0cd-d22954985aa8

And the secret ID is 6039e2e2-6017-8db9-2e1b-dd6bd449f901.

~]$ vault write -f auth/approle/role/my-role/secret-id
Key                   Value
---                   -----
secret_id             6039e2e2-6017-8db9-2e1b-dd6bd449f901
secret_id_accessor    c8ef166e-4b09-0e1f-b70e-cb3a871a6460
secret_id_num_uses    40
secret_id_ttl         10m

Here is how you can login to the vault using Python hvac approle.

Check out my article Hashicorp Vault - Error Handling using Python hvac for details on how to include Error Handling.

#!/usr/bin/python3
import hvac

client = hvac.Client(url='http://vault.example.com:8200')

is_client_authenticated = client.is_authenticated()

print(f"is_client_authenticated before approle login= {is_client_authenticated}")

client.auth.approle.login(
  role_id="b4a68549-1464-7aac-b0cd-d22954985aa8",
  secret_id="6039e2e2-6017-8db9-2e1b-dd6bd449f901"
)

is_client_authenticated = client.is_authenticated()

print(f"is_client_authenticated after approle login = {is_client_authenticated}")