create script to bootstrap vault secret

2024-02-10 10:40:23 +01:00 · 2024-02-10 10:40:23 +01:00 · 2bae64c40b
commit 2bae64c40b
parent c8f7d7f8c3
1 changed files with 50 additions and 0 deletions
--- a/script/generate-vault-secret
+++ b/script/generate-vault-secret
@ -0,0 +1,50 @@
 #!/usr/bin/env python
 import requests
 import secrets
 import json
 import os
 class VaultSecret:
    def __init__(self,path: str,data: dict) -> None:
       self.path=path
       self.data=self.fill_empty_secret(data)
    @staticmethod
    def fill_empty_secret(data):
        for k,v in data.items():
            if v is None or v == "":
                data[k]=secrets.token_urlsafe(16)
        return data
 class Vault:
    def __init__(self,url: str,token: str) -> None:
       self.URL=url
       self.token=token
    def create_vault_secret (self,secret: VaultSecret) -> None:
        resp=requests.post(
            url= f'{self.URL}/v1/secrets/data/{secret.path}',
            headers={
                'X-Vault-Token': self.token
            },
            data=json.dumps({"data":secret.data,
                             "options": {"cas": 0}
                             })
        )
        print(resp.content)
 def main() -> None:
    secretList=[]
    secretList.append(VaultSecret("nomad/ldap",{"admin":""}))
    token=os.getenv('VAULT_TOKEN',"")
    vault_addr=os.getenv('VAULT_ADDR',"")
    vault=Vault(vault_addr,token)
    for secret in secretList:
        vault.create_vault_secret(secret)
 if __name__ == '__main__':
    main()