Use vault parameters in your indexing pipeline extension

In this article

Vault parameters are sensitive and restricted key-value pairs stored using the Vault API of the Coveo Migration Service and passed as arguments to target IPEs. More precisely, these parameters populate the vault_parameters dictionary available in target IPEs. Typically, you’ll use these IPE vault_parameters values as usernames and passwords to access external resources.

Of course, vault entries can’t be logged using the Document Object Python API.


You use the POST /vaultentries endpoint to create a vault entry for a password you want to use in an IPE.


Accept: application/json
Content-Type: application/json

In the request payload, you set IPE_password as the vault entry key, and you set its value to 2d6snx9@, which is your password. The unique identifier of your IPE is yourorganizationid-xc56kss5iazmlq4irhndj52ns4, so you pass that as the target id value.

  "scopes": [
      "id": "yourorganizationid-xc56kss5iazmlq4irhndj52ns4",
      "resourceType": "EXTENSION"
  "key": "IPE_password",
  "organizationId": "yourorganizationid",
  "vaultVisibilityType": "OBFUSCATED",
  "value": "2d6snx9@",
  "valueType": "string"

Now, in your IPE, you leverage that vault entry via vault_parameters["IPE_password"] to make a request to an external library.

import requests

r = requests.get("", auth=("yourusername", vault_parameters["IPE_password"]))

if r.status_code == 200:
  # ...