From c8fdb9bd572d6f4e6b9e1732f734a52f749162e9 Mon Sep 17 00:00:00 2001
From: William Huba <william@workos.com>
Date: Fri, 2 Jan 2026 15:15:21 -0500
Subject: [PATCH] Add `read_object_by_name` method for Vault API

---
 tests/test_vault.py | 28 ++++++++++++++++++++++++++++
 workos/vault.py     | 29 +++++++++++++++++++++++++++++
 2 files changed, 57 insertions(+)

diff --git a/tests/test_vault.py b/tests/test_vault.py
index 753b5aa7..9e355a9a 100644
--- a/tests/test_vault.py
+++ b/tests/test_vault.py
@@ -107,6 +107,34 @@ def test_read_object_none_object_id(self):
         ):
             self.vault.read_object(object_id=None)
 
+    def test_read_object_by_name_success(
+        self, mock_vault_object, capture_and_mock_http_client_request
+    ):
+        request_kwargs = capture_and_mock_http_client_request(
+            self.http_client, mock_vault_object, 200
+        )
+
+        vault_object = self.vault.read_object_by_name(name="test-secret")
+
+        assert request_kwargs["method"] == "get"
+        assert request_kwargs["url"].endswith("/vault/v1/kv/name/test-secret")
+        assert vault_object.id == "vault_01234567890abcdef"
+        assert vault_object.name == "test-secret"
+        assert vault_object.value == "secret-value"
+        assert vault_object.metadata.environment_id == "env_01234567890abcdef"
+
+    def test_read_object_by_name_missing_name(self):
+        with pytest.raises(
+            ValueError, match="Incomplete arguments: 'name' is a required argument"
+        ):
+            self.vault.read_object_by_name(name="")
+
+    def test_read_object_by_name_none_name(self):
+        with pytest.raises(
+            ValueError, match="Incomplete arguments: 'name' is a required argument"
+        ):
+            self.vault.read_object_by_name(name=None)
+
     def test_list_objects_default_params(
         self, mock_vault_objects_list, capture_and_mock_http_client_request
     ):
diff --git a/workos/vault.py b/workos/vault.py
index 28ab127f..d57964aa 100644
--- a/workos/vault.py
+++ b/workos/vault.py
@@ -37,6 +37,17 @@ def read_object(self, *, object_id: str) -> VaultObject:
         """
         ...
 
+    def read_object_by_name(self, *, name: str) -> VaultObject:
+        """
+        Get a Vault object by name with the value decrypted.
+
+        Kwargs:
+            name (str): The unique name of the object.
+        Returns:
+            VaultObject: A vault object with metadata, name and decrypted value.
+        """
+        ...
+
     def list_objects(
         self,
         *,
@@ -230,6 +241,24 @@ def read_object(
 
         return VaultObject.model_validate(response)
 
+    def read_object_by_name(
+        self,
+        *,
+        name: str,
+    ) -> VaultObject:
+        if not name:
+            raise ValueError("Incomplete arguments: 'name' is a required argument")
+
+        response = self._http_client.request(
+            RequestHelper.build_parameterized_url(
+                "vault/v1/kv/name/{name}",
+                name=name,
+            ),
+            method=REQUEST_METHOD_GET,
+        )
+
+        return VaultObject.model_validate(response)
+
     def list_objects(
         self,
         *,