create script to bootstrap vault secret

vincent 2024-02-10 10:40:23 +01:00
parent c8f7d7f8c3
commit 2bae64c40b

50
script/generate-vault-secret Executable file

@ -0,0 +1,50 @@
#!/usr/bin/env python
import requests
import secrets
import json
import os
class VaultSecret:
def __init__(self,path: str,data: dict) -> None:
self.path=path
self.data=self.fill_empty_secret(data)
@staticmethod
def fill_empty_secret(data):
for k,v in data.items():
if v is None or v == "":
data[k]=secrets.token_urlsafe(16)
return data
class Vault:
def __init__(self,url: str,token: str) -> None:
self.URL=url
self.token=token
def create_vault_secret (self,secret: VaultSecret) -> None:
resp=requests.post(
url= f'{self.URL}/v1/secrets/data/{secret.path}',
headers={
'X-Vault-Token': self.token
},
data=json.dumps({"data":secret.data,
"options": {"cas": 0}
})
)
print(resp.content)
def main() -> None:
secretList=[]
secretList.append(VaultSecret("nomad/ldap",{"admin":""}))
token=os.getenv('VAULT_TOKEN',"")
vault_addr=os.getenv('VAULT_ADDR',"")
vault=Vault(vault_addr,token)
for secret in secretList:
vault.create_vault_secret(secret)
if __name__ == '__main__':
main()
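Review bot: `create_vault_secret` only prints the response body, so a rejected write (for example a bad token, or the `cas: 0` check failing because the path already exists) still leaves the script exiting 0 as if the secret had been bootstrapped. Add `resp.raise_for_status()` after the call and pass `timeout=10` to `requests.post`, which has no timeout by default and can block indefinitely. In `main`, `os.getenv('VAULT_TOKEN',"")` and `os.getenv('VAULT_ADDR',"")` turn a missing variable into an empty string that only surfaces later inside the HTTP call; `os.environ['VAULT_TOKEN']` and `os.environ['VAULT_ADDR']` would fail fast with a clear error. A one-line comment on `"options": {"cas": 0}` would also help, along the lines of `# cas=0: create-only, never overwrite an existing secret on re-run`.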