Wrapping
Unwrap
- Wrapping.unwrap(token=None)
Return the original response inside the given wrapping token.
Unlike simply reading cubbyhole/response (which is deprecated), this endpoint provides additional validation checks on the token, returns the original value on the wire rather than a JSON string representation of it, and ensures that the response is properly audit-logged.
- Supported methods:
  POST: /sys/wrapping/unwrap. Produces: 200 application/json
- Parameters:
  token (str | unicode) – Specifies the wrapping token ID. This is required if the client token is not the wrapping token. Do not use the wrapping token in both locations.
- Returns:
  The JSON response of the request.
- Return type:
  dict
Examples
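# Unwrap by passing the wrapping token as the token parameter;
# the client authenticates with its own token.
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
# Create (or update) the AppRole role with default settings
client.write(
    path="auth/approle-test/role/testrole",
)
# Request a secret ID and have Vault wrap the response (wrapping token TTL: 10 seconds)
result = client.write(
    path='auth/approle-test/role/testrole/secret-id',
    wrap_ttl="10s",
)
unwrap_response = client.sys.unwrap(
    token=result['wrap_info']['token'],
)
print('Unwrapped approle role token secret id accessor: "%s"' % unwrap_response['data']['secret_id_accessor'])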
Example output:
Unwrapped approle role token secret id accessor: "..."
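# Unwrap by authenticating with the wrapping token itself;
# no token parameter is passed to unwrap().
import hvac
client = hvac.Client(url='https://127.0.0.1:8200')
# Create (or update) the AppRole role with default settings
client.write(
    path="auth/approle-test/role/testrole",
)
# Request a secret ID and have Vault wrap the response (wrapping token TTL: 10 seconds)
result = client.write(
    path='auth/approle-test/role/testrole/secret-id',
    wrap_ttl="10s",
)
result_token = result['wrap_info']['token']
# A second client whose client token is the wrapping token
unwrapping_client = hvac.Client(url='https://127.0.0.1:8200', token=result_token)
# Do not pass the token to unwrap when authenticating with the wrapping token
unwrap_response = unwrapping_client.sys.unwrap()
print('Unwrapped approle role token secret id accessor: "%s"' % unwrap_response['data']['secret_id_accessor'])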
Example output:
Unwrapped approle role token secret id accessor: "..."
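What the two call styles above mean at the level of Vault's HTTP API, as an added example that is not part of the hvac documentation or code base: the client token travels in the X-Vault-Token header and the token parameter in the JSON request body. The function names and the use of urllib instead of hvac are assumptions made for illustration.

```python
import json
import urllib.request

UNWRAP_PATH = "/v1/sys/wrapping/unwrap"  # HTTP API path of the endpoint documented above


def build_unwrap_request(vault_url, wrapping_token, client_token=None):
    """Build the POST for sys/wrapping/unwrap with the wrapping token in one place only.

    client_token=None  -> the wrapping token authenticates the call (header), empty body.
    client_token given -> that token authenticates; the wrapping token goes in the body.
    (Hypothetical helper, not an hvac function.)
    """
    if not wrapping_token:
        raise ValueError("a wrapping token is required")
    if client_token == wrapping_token:
        # Header and body would carry the same token: the "both locations" case.
        raise ValueError("wrapping token must not be both client token and parameter")
    if client_token is None:
        auth_token, body = wrapping_token, {}
    else:
        auth_token, body = client_token, {"token": wrapping_token}
    return urllib.request.Request(
        vault_url.rstrip("/") + UNWRAP_PATH,
        data=json.dumps(body).encode(),
        headers={"X-Vault-Token": auth_token, "Content-Type": "application/json"},
        method="POST",
    )


def unwrap(vault_url, wrapping_token, client_token=None, timeout=5):
    """Send the request and return the decoded JSON response as a dict."""
    request = build_unwrap_request(vault_url, wrapping_token, client_token)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return json.loads(response.read())
```

Calling `unwrap()` needs a reachable Vault server; `build_unwrap_request()` can be inspected offline to see which token lands in the header and which in the body.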