homelab/script/generate-vault-secret

#!/usr/bin/env python

import requests
import secrets
import json
import os
import hashlib
import string
from passlib.hash import pbkdf2_sha512

class VaultSecret:
    def __init__(self,path: str,data: dict) -> None:
       self.path=path
       self.data=self.fill_empty_secret(data)

    @staticmethod
    def fill_empty_secret(data):
        for k,v in data.items():
            if v is None or v == "":
                data[k]=secrets.token_urlsafe(16)
        return data

class AutheliaSecret(VaultSecret):
    def __init__(self,path: str) -> None:
        self.path=path
        self.data={
            "password":"",
            "hash":""
        }
        self.data["password"]=secrets.token_urlsafe(72)
        self.data["hash"]=pbkdf2_sha512.using(rounds=310000, salt_size=16).hash(self.data["password"])




class Vault:
    def __init__(self,url: str,token: str) -> None:
       self.URL=url
       self.token=token

    def create_vault_secret (self,secret: VaultSecret) -> None:
        resp=requests.post(
            url= f'{self.URL}v1/secrets/data/{secret.path}',
            headers={
                'X-Vault-Token': self.token
            },
            data=json.dumps({"data":secret.data,
                             "options": {"cas": 0}
                             })
        )
        print(resp.url)
        if resp.status_code == 200:
            print(f"Create {secret.path} done")
        else:
            print(resp.status_code)
            print(resp.content)


def main() -> None:

    listSecret={
        "nomad/ldap":{
            "admin":""
        },
        "nomad/gitea":{
            "internal_token":"",
            "jwt_secret":"",
            "secret_key":""
        }
    }
    listAutheliaSecret=[
        "authelia/ttrss",
        "authelia/immich",
        "authelia/mealie"
    ]

    token=os.getenv('VAULT_TOKEN',"")
    vault_addr=os.getenv('VAULT_ADDR',"")
    vault=Vault(vault_addr,token)
    for k,v in listSecret.items():
        secret=VaultSecret(k,v)
        vault.create_vault_secret(secret)
    for v in listAutheliaSecret:
        autheliaSecret=AutheliaSecret(v)
        print(autheliaSecret.data["hash"])
        vault.create_vault_secret(autheliaSecret)
if __name__ == '__main__':
    main()