#!/usr/bin/env python import requests import secrets import json import os import hashlib import string from passlib.hash import pbkdf2_sha512 class VaultSecret: def __init__(self,path: str,data: dict) -> None: self.path=path self.data=self.fill_empty_secret(data) @staticmethod def fill_empty_secret(data): for k,v in data.items(): if v is None or v == "": data[k]=secrets.token_urlsafe(16) return data class AutheliaSecret(VaultSecret): def __init__(self,path: str) -> None: self.path=path self.data={ "password":"", "hash":"" } self.data["password"]=secrets.token_urlsafe(72) self.data["hash"]=pbkdf2_sha512.using(rounds=310000, salt_size=16).hash(self.data["password"]) class Vault: def __init__(self,url: str,token: str) -> None: self.URL=url self.token=token def create_vault_secret (self,secret: VaultSecret) -> None: resp=requests.post( url= f'{self.URL}v1/secrets/data/{secret.path}', headers={ 'X-Vault-Token': self.token }, data=json.dumps({"data":secret.data, "options": {"cas": 0} }) ) print(resp.url) if resp.status_code == 200: print(f"Create {secret.path} done") else: print(resp.status_code) print(resp.content) def main() -> None: listSecret={ "nomad/ldap":{ "admin":"" }, "nomad/gitea":{ "internal_token":"", "jwt_secret":"", "secret_key":"" } } listAutheliaSecret=[ "authelia/ttrss" ] token=os.getenv('VAULT_TOKEN',"") vault_addr=os.getenv('VAULT_ADDR',"") vault=Vault(vault_addr,token) for k,v in listSecret.items(): secret=VaultSecret(k,v) vault.create_vault_secret(secret) for v in listAutheliaSecret: autheliaSecret=AutheliaSecret(v) print(autheliaSecret.data["hash"]) vault.create_vault_secret(autheliaSecret) if __name__ == '__main__': main()