Init
Read Status
- Init.read_init_status()[source]
Read the initialization status of Vault.
- Supported methods:
GET: /sys/init. Produces: 200 application/json
- Returns:
The JSON response of the request.
- Return type:
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
read_response = client.sys.read_init_status()
print('Vault initialize status: %s' % read_response['initialized'])
Example output:
Vault initialize status: True
Is Initialized
- Init.is_initialized()[source]
Determine is Vault is initialized or not.
- Returns:
True if Vault is initialized, False otherwise.
- Return type:
bool
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
print('Vault initialize status: %s' % client.sys.is_initialized())
Example output:
Vault initialize status: True
Initialize
- Init.initialize(secret_shares=None, secret_threshold=None, pgp_keys=None, root_token_pgp_key=None, stored_shares=None, recovery_shares=None, recovery_threshold=None, recovery_pgp_keys=None)[source]
Initialize a new Vault.
The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only available when using Vault HSM.
- Supported methods:
PUT: /sys/init. Produces: 200 application/json
- Parameters:
secret_shares (int) – The number of shares to split the master key into.
secret_threshold (int) – Specifies the number of shares required to reconstruct the master key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as secret_shares, or omitted, depending on the version of Vault and the seal type.
pgp_keys (list) – List of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secret_shares.
root_token_pgp_key (str | unicode) – Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.
stored_shares (int) – <enterprise only> Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as secret_shares.
recovery_shares (int) – <enterprise only> Specifies the number of shares to split the recovery key into.
recovery_threshold (int) – <enterprise only> Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to recovery_shares.
recovery_pgp_keys (list) – <enterprise only> Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as recovery_shares.
- Returns:
The JSON response of the request.
- Return type:
dict
Examples
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
init_result = client.sys.initialize()
root_token = init_result['root_token']
unseal_keys = init_result['keys']
When called for a previously initialized Vault cluster, an exception is raised:
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
init_result = client.sys.initialize()
Example output:
Traceback (most recent call last):
...
hvac.exceptions.InvalidRequest: Vault is already initialized