Bootstrap

Hashicorp Vault - Initialize the Vault using Python hvac

by Jeremy Canfield | Updated: May 25 2024 | Hashicorp Vault articles

This assumes you are familiar with the Python hvac client. If not, check out my article Hashicorp Vault - Getting Started with Python hvac.

If you have not yet installed Hashicorp Vault, check out my article Install Hashicorp Vault on Docker.

The very first thing you do after installing Hashicorp Vault is to initialize the vault.

Initialize the vault using the vault operator init command
Initialize the vault using the vault UI
Initialize the vault using Python hvac (this article)

Replace vault.example.com with the hostname or IP address for your Hashicorp Vault. Here is how you can display the current initialization status of the Hashicorp Vault (true or false) and to then initialize the Hashicorp Vault if it is not initialized.

Check out my article Hashicorp Vault - Error Handling using Python hvac for details on how to include Error Handling.

#!/usr/bin/python3
import hvac 

client = hvac.Client(url='http://vault.example.com:8200')

init_status = client.sys.read_init_status()

print(f"init_status = {init_status['initialized']}")

if init_status['initialized'] == False:
  init_result = client.sys.initialize()

  print(f"root_token = {init_result['root_token']}")

  for key in init_result['keys']:
    print(f"key = {key}")

  for base64_key in init_result['keys_base64']:
    print(f"base64_key = {base64_key}")

Something like this should be returned if the Hashicorp Vault was initialized by this script.

init_status = False

root_token = hvs.LbtVT0znBnQ5EUevofH7A7Q7
key = 2300d5a9858fec562911a4bd028b6395435d237bc3eaa717acbd527946ae01df1b
key = 70a05dd765f1912c8ade4a79e55d57b431225c23c5e2d089f8dab159c77859a1aa
key = 7c729213d08553fd92add56f327a49d3ce5418906501bc2c74838a7a67d8f077ca
key = bda3d8f4aefa13eb87b853ab4f083417e4bf57f0c5a4e57e1c5f11e474a9d746e6
key = ade839c83b2db535956acc1fe8fc3b6bb31e187bb8765efbaa489c84ce96981297
base64_key = IwDVqYWP7FYpEaS9AotjlUNdI3vD6qcXrL1SeUauAd8b
base64_key = cKBd12XxkSyK3kp55V1XtDEiXCPF4tCJ+NqxWcd4WaGq
base64_key = fHKSE9CFU/2SrdVvMnpJ085UGJBlAbwsdIOKemfY8HfK
base64_key = vaPY9K76E+uHuFOrTwg0F+S/V/DFpOV+HF8R5HSp10bm
base64_key = reg5yDsttTWVaswf6Pw7a7MeGHu4dl77qkichM6WmBKX

By default, the connection will timeout after 30 seconds. I find this to be much to long of a wait before timing out, so I often set the timeout to something like 2 or 5 seconds.

#!/usr/bin/python3
import hvac 

client = hvac.Client(
  url='http://vault.example.com:8200',
  timeout=2
)

Did you find this article helpful?

If so, consider buying me a coffee over at

Did you find this article helpful?

Comments

Add a Comment