VaultKit Python SDK for policy-driven, runtime governed data access

Navigation

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ndbaba from gravatar.com ndbaba

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: VaultKit
  • Tags ai , data , sdk , governance , security , agents , runtime
  • Requires: Python >=3.8
Classifiers
Report project as malware

Project description

VaultKit Python SDK

Secure, policy-driven data access for AI agents and applications.

VaultKit is a control plane for governed data access. This SDK allows Python applications and AI agents to safely query data with built-in policy enforcement, approval workflows, and auditability.

Features

  • Policy-enforced data access (masking, approval, deny)
  • First-class support for AI agents (OpenAI, Anthropic)
  • Built-in approval workflows
  • Automatic polling and retries
  • Schema-aware dataset discovery
  • Simple, high-level API via execute()

Installation

pip install vaultkit

Quick Start

from vaultkit import VaultKitClient

client = VaultKitClient(
    base_url="http://localhost:3000",
    token="YOUR_TOKEN",
    org="YOUR_ORG",
)

result = client.execute(
    dataset="users",
    fields=["id", "email"],
    limit=10,
    purpose="Analyze user activity",
)

print(result.rows)

AI Agent Usage

VaultKit provides built-in tools for LLM agents.

from vaultkit.tools import ToolBuilder, ToolExecutor, ToolProvider

builder = ToolBuilder(client)

tools = builder.build(
    provider=ToolProvider.OPENAI,
    include_check_approval=True,
)

executor = ToolExecutor(client)

result = executor.execute(
    "vaultkit_query",
    {
        "dataset": "users",
        "limit": 5,
        "purpose": "Analyze user trends",
    },
)

See full example: examples/agent_openai_demo.py

Approval Flow

Some queries require human approval before data is returned.

from vaultkit.errors.exceptions import ApprovalRequiredError

try:
    client.execute(dataset="sensitive_data", purpose="Analysis")
except ApprovalRequiredError as e:
    print(f"Approval required. Request ID: {e.request_id}")

Once approved, resume with:

result = client.poll_request(request_id="req_123")

API Overview

High-Level

Method Description
client.execute(...) Full lifecycle: query → poll → fetch. Recommended for most use cases.

Low-Level

Method Description
client.query(...) Submit an intent request, get a QueryResult
client.poll(result) Block until a queued result reaches a terminal state
client.fetch(grant_ref=...) Redeem a grant for data
client.poll_request(request_id=...) Poll by request ID (used in approval flows)

Discovery

Method Description
client.datasets() List authorized datasets from the registry
client.schema("users") Get field-level schema for a dataset

How It Works

Client → VaultKit → Policy Engine → Data Source
                         ↓
                  Enforced Policies
  1. Queries are evaluated against policy bundles at runtime
  2. Sensitive fields may be masked based on requester context
  3. Some datasets require human approval before access is granted
  4. All access is logged and auditable

Why VaultKit?

Traditional access control is static — permissions are set upfront and rarely change. VaultKit enables:

  • Runtime, policy-driven access — decisions made at query time based on context
  • AI-safe data access — purpose and clearance are first-class query parameters
  • Auditability and compliance — every request is tracked with correlation IDs

Environment Variables

export VAULTKIT_URL=http://localhost:3000
export VAULTKIT_TOKEN=your_token
export VAULTKIT_ORG=your_org

Or use a .env file (see .env.example).

Local Development

Start VaultKit locally with Docker:

docker compose up

Run the test suite:

pytest

License

MIT

Project details

Verified details

These details have been verified by PyPI
Maintainers
Avatar for ndbaba from gravatar.com ndbaba

Unverified details

These details have not been verified by PyPI
Project links
Meta
  • License: MIT License (MIT)
  • Author: VaultKit
  • Tags ai , data , sdk , governance , security , agents , runtime
  • Requires: Python >=3.8
Classifiers

Release history Release notifications | RSS feed

This version

0.1.0

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

vaultkit-0.1.0.tar.gz (20.0 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

vaultkit-0.1.0-py3-none-any.whl (24.8 kB view details)

Uploaded Python 3

File details

Details for the file vaultkit-0.1.0.tar.gz.

File metadata

  • Download URL: vaultkit-0.1.0.tar.gz
  • Upload date:
  • Size: 20.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.7

File hashes

Hashes for vaultkit-0.1.0.tar.gz
Algorithm Hash digest
SHA256 df3a138f0823d485ad99f547312cb3a7b49b661b20a116c835e3203d85ca4e32
MD5 71e335465f0ccc534c80706ec4848238
BLAKE2b-256 7d5244f64d87c36ff8c8a9a38e5d01ed673dc9264f85606d2ac636290a4e1a8b

See more details on using hashes here.

File details

Details for the file vaultkit-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: vaultkit-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 24.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/6.2.0 CPython/3.11.7

File hashes

Hashes for vaultkit-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 d97271363a3034ae592488d345f9da2307d17c156fc81f1f43345220d25407a4
MD5 e91697cae125072b5973cf258153715a
BLAKE2b-256 ad4152fb479a4ded97225ce82f5e3b9a72d4d7e1bf773f83f4a23b2757dd61a5

See more details on using hashes here.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page