Vault Client

The Vault client provides secure credential management with AES-256-GCM encryption. Store usernames, passwords, and other sensitive data for use in workflow executions.

All sensitive fields (user_name, password, and tfa_secret) are automatically encrypted by the SDK before being sent to CloudCruise servers. Plaintext credentials are never transmitted or stored.

Setup

from cloudcruise import CloudCruise, CloudCruiseParams

client = CloudCruise(
    CloudCruiseParams(
        api_key="your-api-key",
        encryption_key="your-encryption-key",
    )
)

The encryption_key is required for vault operations. Get it from CloudCruise Settings.

Creating a Vault Entry

Use client.vault.create() to store new credentials:

entry = client.vault.create(
    domain="https://example.com",
    permissioned_user_id="unique-user-id",
    options={
        "user_name": "john@example.com",
        "password": "secret-password",
        "user_alias": "John's Account",
    },
)

print("Created vault entry:", entry.get("id"))

Parameters

Parameter	Type	Required	Description
`domain`	`str`	Yes	Target domain for the credentials (e.g., `https://example.com`)
`permissioned_user_id`	`str`	Yes	Unique identifier to reference this entry in workflows
`options`	`dict`	No	Additional fields (see below)

Options Dictionary

Field	Type	Description
`user_name`	`str`	Username or email for authentication
`password`	`str`	Password credential
`user_alias`	`str`	Human-readable label for the entry
`tfa_secret`	`str`	TOTP secret for two-factor authentication
`tfa_method`	`str`	TFA method: `"AUTHENTICATOR"`, `"EMAIL"`, `"MAGIC_LINK"`, or `"SMS"`
`persist_cookies`	`bool`	Maintain cookies across workflow executions
`persist_local_storage`	`bool`	Maintain local storage across executions
`persist_session_storage`	`bool`	Maintain session storage across executions
`skip_csrf_cookies`	`bool`	Skip injecting CSRF-related cookies (e.g. XSRF-TOKEN) during session restore
`allow_multiple_sessions`	`bool`	Allow concurrent workflow sessions with these credentials
`max_concurrency`	`int`	Maximum concurrent sessions (when `allow_multiple_sessions` is true)
`proxy`	`dict`	Proxy configuration with `enable` (bool) and `target_ip` (str)

Getting Vault Entries

Retrieve vault entries with optional filtering:

from cloudcruise.vault import GetVaultEntriesFilters

# Get all entries
all_entries = client.vault.get()

# Get specific entry by domain and user ID
entries = client.vault.get(
    GetVaultEntriesFilters(
        domain="https://example.com",
        permissioned_user_id="unique-user-id",
    )
)

# Get entries without decrypting credentials
entries = client.vault.get(
    GetVaultEntriesFilters(
        domain="https://example.com",
        permissioned_user_id="unique-user-id",
        decryptCredentials=False,
    )
)

GetVaultEntriesFilters

Field	Type	Description
`domain`	`str`	Filter by target domain
`permissioned_user_id`	`str`	Filter by user ID
`decryptCredentials`	`bool`	Whether to decrypt credentials (default: `True`)

When filtering, both domain and permissioned_user_id must be provided together.

Updating a Vault Entry

Update an existing vault entry:

updated_entry = client.vault.update({
    "domain": "https://example.com",
    "permissioned_user_id": "unique-user-id",
    "user_name": "new-username@example.com",
    "password": "new-password",
    "user_alias": "Updated Account Name",
})

Required Fields for Update

Field	Required
`domain`	Yes
`permissioned_user_id`	Yes
`user_name`	Yes
`password`	Yes

Deleting a Vault Entry

Delete a vault entry by domain and user ID:

client.vault.delete({
    "domain": "https://example.com",
    "permissioned_user_id": "unique-user-id",
})

Using Vault Entries in Workflows

Reference vault credentials in workflow runs by passing the permissioned_user_id as an input variable:

from cloudcruise import StartRunRequest

# First, ensure the vault entry exists
entries = client.vault.get(
    GetVaultEntriesFilters(
        domain="https://login.example.com",
        permissioned_user_id="user-123",
    )
)

if not entries:
    client.vault.create(
        domain="https://login.example.com",
        permissioned_user_id="user-123",
        options={
            "user_name": "john@example.com",
            "password": "secret-password",
        },
    )

# Start the workflow with the vault entry reference
run = client.runs.start(
    StartRunRequest(
        workflow_id="your-workflow-id",
        run_input_variables={
            "USER": "user-123",  # References the permissioned_user_id
        },
    )
)

result = run.wait()
print("Run completed:", result.get("status"))

The input variable name (e.g., USER) depends on how your workflow is configured. Check your workflow’s input schema in the CloudCruise dashboard.

Getting Started

Concepts

API Reference

SDK

Integrations

Vault

Vault Client

Setup

Creating a Vault Entry

Parameters

Options Dictionary

Getting Vault Entries

GetVaultEntriesFilters

Updating a Vault Entry

Required Fields for Update

Deleting a Vault Entry

Using Vault Entries in Workflows

Getting Started

Concepts

API Reference

SDK

Integrations

Documentation Index

​Vault Client

​Setup

​Creating a Vault Entry

​Parameters

​Options Dictionary

​Getting Vault Entries

​GetVaultEntriesFilters

​Updating a Vault Entry

​Required Fields for Update

​Deleting a Vault Entry

​Using Vault Entries in Workflows

Vault Client

Setup

Creating a Vault Entry

Parameters

Options Dictionary

Getting Vault Entries

GetVaultEntriesFilters

Updating a Vault Entry

Required Fields for Update

Deleting a Vault Entry

Using Vault Entries in Workflows