#!/usr/bin/env python
import requests
import secrets
import json
import os
import hashlib
import string
from passlib.hash import pbkdf2_sha512
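class VaultSecret:
    """A KV secret destined for Vault at *path*.

    Any field of *data* whose value is ``None`` or ``""`` is filled with a
    freshly generated random token, so callers only have to name the keys
    they want populated.
    """

    def __init__(self, path: str, data: dict) -> None:
        self.path = path
        self.data = self.fill_empty_secret(data)

    @staticmethod
    def fill_empty_secret(data: dict) -> dict:
        """Return a copy of *data* with empty values replaced by random tokens.

        Args:
            data: mapping of field name to value; ``None`` or ``""`` marks a
                field whose value should be generated.

        Returns:
            A new dict with the same keys in the same order. The caller's
            mapping is not modified, so a dict shared between several
            secrets (or reused across runs) is never silently overwritten.
        """
        # ``secrets`` rather than ``random``: these values are credentials.
        # 16 random bytes give a 22-character URL-safe token.
        return {
            key: secrets.token_urlsafe(16) if value is None or value == "" else value
            for key, value in data.items()
        }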
class AutheliaSecret(VaultSecret):
    """Vault secret holding a generated Authelia user password and its hash.

    ``data`` carries two fields: ``password`` (a random URL-safe token built
    from 72 random bytes) and ``hash`` (the PBKDF2-SHA512 digest of that
    password, 310000 rounds, 16-byte salt, as produced by passlib's
    ``pbkdf2_sha512``).
    """

    def __init__(self, path: str) -> None:
        # The base-class __init__ is not used: both fields are generated
        # here, so there is nothing for fill_empty_secret() to fill in.
        self.path = path
        plaintext = secrets.token_urlsafe(72)
        hasher = pbkdf2_sha512.using(rounds=310000, salt_size=16)
        # Same key order as before so the serialised payload is unchanged.
        self.data = {
            "password": plaintext,
            "hash": hasher.hash(plaintext),
        }
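class Vault:
    """Minimal client that writes KV v2 secrets to a Vault server.

    Args:
        url: base address of the server (``VAULT_ADDR``), with or without a
            trailing slash.
        token: Vault token sent in the ``X-Vault-Token`` header.
    """

    def __init__(self, url: str, token: str) -> None:
        self.URL = url
        self.token = token

    def _secret_url(self, path: str) -> str:
        """Build the KV v2 data endpoint for *path*.

        The base address is normalised so that it works both with and
        without a trailing slash: ``VAULT_ADDR`` is conventionally given
        without one, and plain concatenation would then produce an address
        like ``http://host:8200v1/...``.
        """
        return f"{self.URL.rstrip('/')}/v1/secrets/data/{path}"

    def create_vault_secret(self, secret: "VaultSecret") -> None:
        """Write *secret* to Vault and report the outcome on stdout.

        ``"cas": 0`` makes the write conditional on the key not existing
        yet, so re-running the script does not overwrite a secret that is
        already in use; Vault answers such a conflict with a non-200 status,
        which is printed together with the response body.
        """
        resp = requests.post(
            url=self._secret_url(secret.path),
            headers={"X-Vault-Token": self.token},
            data=json.dumps({"data": secret.data, "options": {"cas": 0}}),
            # Without a timeout an unreachable server hangs the whole run.
            timeout=30,
        )
        print(resp.url)
        if resp.status_code == 200:
            print(f"Create {secret.path} done")
        else:
            print(resp.status_code)
            print(resp.content)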
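def main() -> None:
    """Generate the secrets listed below and create them in Vault.

    Connection details come from the environment: ``VAULT_ADDR`` (server
    base URL) and ``VAULT_TOKEN``. Both are required.

    Raises:
        SystemExit: if either variable is missing or empty, so the run stops
            before any request is made rather than sending an empty token
            (or a URL without a host) to the server.
    """
    # Plain KV secrets: every "" value is replaced by a random token.
    list_secret = {
        "nomad/ldap": {"admin": ""},
        "nomad/gitea": {
            "internal_token": "",
            "jwt_secret": "",
            "secret_key": "",
        },
    }
    # Authelia users: each path receives a generated password and its hash.
    list_authelia_secret = [
        "authelia/ttrss",
        "authelia/immich",
        "authelia/mealie",
        "authelia/grafana",
        "authelia/vikunja",
        "authelia/gitea",
    ]

    token = os.getenv("VAULT_TOKEN", "")
    vault_addr = os.getenv("VAULT_ADDR", "")
    if not token or not vault_addr:
        raise SystemExit("VAULT_ADDR and VAULT_TOKEN must both be set")
    vault = Vault(vault_addr, token)

    for path, fields in list_secret.items():
        vault.create_vault_secret(VaultSecret(path, fields))

    for path in list_authelia_secret:
        authelia_secret = AutheliaSecret(path)
        # NOTE(review): the hash is stored in Vault next to the password;
        # echoing it here also puts it into terminal/CI logs.
        print(authelia_secret.data["hash"])
        vault.create_vault_secret(authelia_secret)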
if __name__ == "__main__":
    # Run only when executed as a script, not when imported as a module.
    main()