InitΒΆ

Read StatusΒΆ

Init.read_init_status()[source]

Read the initialization status of Vault.

Supported methods:
GET: /sys/init. Produces: 200 application/json
Returns:The JSON response of the request.
Return type:dict

ExamplesΒΆ

import hvac

client = hvac.Client(url='https://127.0.0.1:8200')

read_response = client.sys.read_init_status()
print('Vault initialize status: %s' % read_response['initialized'])

Example output:

Vault initialize status: True

Is InitializedΒΆ

Init.is_initialized()[source]

Determine is Vault is initialized or not.

Returns:True if Vault is initialized, False otherwise.
Return type:bool

ExamplesΒΆ

import hvac

client = hvac.Client(url='https://127.0.0.1:8200')

print('Vault initialize status: %s' % client.sys.is_initialized())

Example output:

Vault initialize status: True

InitializeΒΆ

Init.initialize(secret_shares=5, secret_threshold=3, pgp_keys=None, root_token_pgp_key=None, stored_shares=None, recovery_shares=None, recovery_threshold=None, recovery_pgp_keys=None)[source]

Initialize a new Vault.

The Vault must not have been previously initialized. The recovery options, as well as the stored shares option, are only available when using Vault HSM.

Supported methods:
PUT: /sys/init. Produces: 200 application/json
Parameters:
  • secret_shares (int) – The number of shares to split the master key into.
  • secret_threshold (int) – Specifies the number of shares required to reconstruct the master key. This must be less than or equal secret_shares. If using Vault HSM with auto-unsealing, this value must be the same as secret_shares.
  • pgp_keys (list) – List of PGP public keys used to encrypt the output unseal keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as secret_shares.
  • root_token_pgp_key (str | unicode) – Specifies a PGP public key used to encrypt the initial root token. The key must be base64-encoded from its original binary representation.
  • stored_shares (int) – <enterprise only> Specifies the number of shares that should be encrypted by the HSM and stored for auto-unsealing. Currently must be the same as secret_shares.
  • recovery_shares (int) – <enterprise only> Specifies the number of shares to split the recovery key into.
  • recovery_threshold (int) – <enterprise only> Specifies the number of shares required to reconstruct the recovery key. This must be less than or equal to recovery_shares.
  • recovery_pgp_keys (list) – <enterprise only> Specifies an array of PGP public keys used to encrypt the output recovery keys. Ordering is preserved. The keys must be base64-encoded from their original binary representation. The size of this array must be the same as recovery_shares.
Returns:

The JSON response of the request.

Return type:

dict

ExamplesΒΆ

import hvac

client = hvac.Client(url='https://127.0.0.1:8200')

init_result = client.sys.initialize()

root_token = init_result['root_token']
unseal_keys = init_result['keys']

When called for a previously initialized Vault cluster, an exception is raised:

import hvac

client = hvac.Client(url='https://127.0.0.1:8200')

init_result = client.sys.initialize()

Example output:

Traceback (most recent call last):
  ...
hvac.exceptions.InvalidRequest: Vault is already initialized