SealΒΆ

Seal StatusΒΆ

Client.seal_status

Read the seal status of the Vault.

This is an unauthenticated endpoint.

Supported methods:

GET: /sys/seal-status. Produces: 200 application/json

Returns

The JSON response of the request.

Return type

dict

ExamplesΒΆ

import hvac
client = hvac.Client(url='https://127.0.0.1:8200')

print('Is Vault sealed: %s' % client.seal_status['sealed'])

Example output:

Is Vault sealed: False

Is SealedΒΆ

Seal.is_sealed()[source]

Determine if Vault is sealed.

Returns

True if Vault is seal, False otherwise.

Return type

bool

ExamplesΒΆ

import hvac
client = hvac.Client(url='https://127.0.0.1:8200')

print('Is Vault sealed: %s' % client.sys.is_sealed())

Example output:

Is Vault sealed: False

Read Seal StatusΒΆ

Seal.read_seal_status()[source]

Read the seal status of the Vault.

This is an unauthenticated endpoint.

Supported methods:

GET: /sys/seal-status. Produces: 200 application/json

Returns

The JSON response of the request.

Return type

dict

ExamplesΒΆ

import hvac
client = hvac.Client(url='https://127.0.0.1:8200')

print('Is Vault sealed: %s' % client.sys.read_seal_status()['sealed'])

Example output:

Is Vault sealed: False

SealΒΆ

Seal.seal()[source]

Seal the Vault.

In HA mode, only an active node can be sealed. Standby nodes should be restarted to get the same effect. Requires a token with root policy or sudo capability on the path.

Supported methods:

PUT: /sys/seal. Produces: 204 (empty body)

Returns

The response of the request.

Return type

requests.Response

ExamplesΒΆ

import hvac
client = hvac.Client(url='https://127.0.0.1:8200')

client.sys.seal()

Submit Unseal KeyΒΆ

Seal.submit_unseal_key(key=None, reset=False, migrate=False)[source]

Enter a single master key share to progress the unsealing of the Vault.

If the threshold number of master key shares is reached, Vault will attempt to unseal the Vault. Otherwise, this API must be called multiple times until that threshold is met.

Either the key or reset parameter must be provided; if both are provided, reset takes precedence.

Supported methods:

PUT: /sys/unseal. Produces: 200 application/json

Parameters
  • key (str | unicode) – Specifies a single master key share. This is required unless reset is true.

  • reset (bool) – Specifies if previously-provided unseal keys are discarded and the unseal process is reset.

  • migrate – Available in 1.0 Beta - Used to migrate the seal from shamir to autoseal or autoseal to shamir. Must be provided on all unseal key calls.

Type

migrate: bool

Returns

The JSON response of the request.

Return type

dict

ExamplesΒΆ

import hvac
client = hvac.Client(url='https://127.0.0.1:8200')

client.sys.submit_unseal_key(key=key)

Submit Unseal KeysΒΆ

Seal.submit_unseal_keys(keys, migrate=False)[source]

Enter multiple master key share to progress the unsealing of the Vault.

Parameters
  • keys (List[str]) – List of master key shares.

  • migrate – Available in 1.0 Beta - Used to migrate the seal from shamir to autoseal or autoseal to shamir. Must be provided on all unseal key calls.

Type

migrate: bool

Returns

The JSON response of the last unseal request.

Return type

dict

ExamplesΒΆ

import hvac
client = hvac.Client(url='https://127.0.0.1:8200')

client.sys.submit_unseal_keys(keys=keys)