This assumes you are familiar with the Python hvac client. If not, check out my article Hashicorp Vault - Getting Started with Python hvac.
This assumes the following has already been done.
Here is how you can use client.sys.read_health_status to return the health status of Hashicorp Vault.
Check out my article Hashicorp Vault - Error Handling using Python hvac for details on how to include Error Handling.
#!/usr/bin/python3
import hvac
client = hvac.Client(url='http://vault.example.com:8200')
response = client.sys.read_health_status(method='GET')
for key in response:
if key == "license":
print(f"license {key} = {response['license'][key]}")
else:
print(f"{key} = {response[key]}")
Something like this should be returned.
initialized = True
sealed = False
standby = False
performance_standby = False
replication_performance_mode = disabled
replication_dr_mode = primary
server_time_utc = 1712141650
version = 1.15.2+ent
cluster_name = vault-cluster-abcdefg
cluster_id = abcd1234-xyza-5678-fd12-1234abde5432
last_wal = 7943498
'license'[state] = autoloaded
'license'[expiry_time] = 2026-06-30T00:00:00Z
'license'[terminated] = False
Be aware that if your Hashicorp Vault is in a bad way, instead of returning a dictionary, the response may return something like this.
<Response [473]>
If you were to print the response wrapped in type.
print(type(response))
Something like this should be returned, showing that the response is a class, not a dictionary.
<class 'requests.models.Response'>
If you were to print the class vars.
print(vars(response))
Something like this should be returned. Notice this included status_code, which is 473 in this example.
{
'_content':b'{
"initialized":true,
"sealed":false,
"standby":true,
"performance_standby":true,
"replication_performance_mode":"disabled",
"replication_dr_mode":"primary",
"server_time_utc":1712204521,
"version":"1.15.2+ent",
"cluster_name":"vault-cluster-abcdefg",
"cluster_id":"abcd1234-xyza-5678-fd12-1234abde5432",
"license":{
"state":"autoloaded",
"expiry_time":"2026-06-30T00:00:00Z",
"terminated":false}
}\n',
'_content_consumed': True,
'_next': None,
'status_code': 473,
'headers': {
'Cache-Control': 'no-store',
'Content-Type': 'application/json',
'Strict-Transport-Security': 'max-age=31536000; includeSubDomains',
'Date': 'Thu, 04 Apr 2024 04:22:01 GMT',
'Content-Length': '385'},
'raw': <urllib3.response.HTTPResponse object at 0x7f044c3dd4a8>,
'url': 'https://vault.example.com/v1/sys/health',
'encoding': 'utf-8',
'history': [],
'reason': 'status code 473',
'cookies': <RequestsCookieJar[]>,
'elapsed': datetime.timedelta(0, 0, 71764),
'request': <PreparedRequest [GET]>,
'connection': <requests.adapters.HTTPAdapter object at 0x7f044c85a908>
}
The status_code should be one of the following.
- 200 - vault is initialized, unsealed, and active
- 429 - vault is unsealed and standby
- 472 - vault is in disaster recovery mode replication secondary and active
- 473 - vault is in performance standby
- 501 - vault is not initialized
- 503 - vault is sealed
Here is one way you could account for this. Basically, an AttributeError should be raised if the returned the dictionary of key/value pairs.
#!/usr/bin/python3
import hvac
client = hvac.Client(url='http://vault.example.com:8200')
response = client.sys.read_health_status(method='GET')
try:
response.status_code
except AttributeError:
for key in keys:
if key == "license":
print(f"license {key} = {response['license'][key]}")
else:
print(f"{key} = {response[key]}")
else:
print(response.status_code)
Did you find this article helpful?
If so, consider buying me a coffee over at 