Is it possible to have a locally run robot fetch secrets from Robocorp Cloud Vault?

It certainly is! A few steps are needed:

  • Figure out workspace ID ( rcc cloud workspace )
  • Get token ( rcc cloud authorize -w <workspace ID> )
  • Configure env variables in env.json:

"RC_WORKSPACE_ID": "<workspace ID",
"RC_API_SECRET_HOST": " https://api.eu1.robocloud.eu ",
"RC_API_SECRET_TOKEN":"<Token>"

The token is quite short lived though, but this can certainly be used to make local runs closer to Cloud orchestrated runs.

3 Likes

Hi @Tim,

Is there a way to get the token when needed and place in env.json with robot/ code or do we need to manually update it while running from local?

Sadly you do need to update it quite often. A small script can act as a helper, this is what I have used:
rcc cloud authorize -w MY_WORKSPACE | python -c 'import sys, json;print(json.load(sys.stdin)["token"]);'

And maybe even plug it into env.json with a script as well

Yes, that helps. Thanks @Tim