homelab/script/generate-vault-secret
vincent f9ff70a9d9
Some checks failed
continuous-integration/drone/push Build is failing
feat: immich sso
2024-05-10 14:49:50 +02:00

89 lines
2.2 KiB
Python
Executable File

#!/usr/bin/env python
import requests
import secrets
import json
import os
import hashlib
import string
from passlib.hash import pbkdf2_sha512
class VaultSecret:
def __init__(self,path: str,data: dict) -> None:
self.path=path
self.data=self.fill_empty_secret(data)
@staticmethod
def fill_empty_secret(data):
for k,v in data.items():
if v is None or v == "":
data[k]=secrets.token_urlsafe(16)
return data
class AutheliaSecret(VaultSecret):
def __init__(self,path: str) -> None:
self.path=path
self.data={
"password":"",
"hash":""
}
self.data["password"]=secrets.token_urlsafe(72)
self.data["hash"]=pbkdf2_sha512.using(rounds=310000, salt_size=16).hash(self.data["password"])
class Vault:
def __init__(self,url: str,token: str) -> None:
self.URL=url
self.token=token
def create_vault_secret (self,secret: VaultSecret) -> None:
resp=requests.post(
url= f'{self.URL}v1/secrets/data/{secret.path}',
headers={
'X-Vault-Token': self.token
},
data=json.dumps({"data":secret.data,
"options": {"cas": 0}
})
)
print(resp.url)
if resp.status_code == 200:
print(f"Create {secret.path} done")
else:
print(resp.status_code)
print(resp.content)
def main() -> None:
listSecret={
"nomad/ldap":{
"admin":""
},
"nomad/gitea":{
"internal_token":"",
"jwt_secret":"",
"secret_key":""
}
}
listAutheliaSecret=[
"authelia/ttrss",
"authelia/immich",
"authelia/mealie"
]
token=os.getenv('VAULT_TOKEN',"")
vault_addr=os.getenv('VAULT_ADDR',"")
vault=Vault(vault_addr,token)
for k,v in listSecret.items():
secret=VaultSecret(k,v)
vault.create_vault_secret(secret)
for v in listAutheliaSecret:
autheliaSecret=AutheliaSecret(v)
print(autheliaSecret.data["hash"])
vault.create_vault_secret(autheliaSecret)
if __name__ == '__main__':
main()