From f67fd993335cf6030cd6dc5fc73da2546ad88f61 Mon Sep 17 00:00:00 2001
From: florian <flo@meergans.org>
Date: Sat, 4 Oct 2025 22:14:47 +0200
Subject: [PATCH] Switched to HVAC Agent instead of connecting to the vault
 directly

---
 hvac_handler.py | 24 ++++++++++--------------
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/hvac_handler.py b/hvac_handler.py
index 5784555..8db9769 100644
--- a/hvac_handler.py
+++ b/hvac_handler.py
@@ -1,18 +1,14 @@
-import base64
 import hvac
+import base64
+import os
 
-
-client = hvac.Client(
-	url='http://127.0.0.1:8200',
-	token='root'
-)
+HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
+client = hvac.Client(url=HVAC_AGENT_URL)
 
 def decrypt_token(ciphertext: str) -> str:
-	response = client.secrets.transit.decrypt_data(
-		name='push-tokens',
-		ciphertext=ciphertext
-	)
-	plaintext_b64 = response['data']['plaintext']
-	return base64.b64decode(plaintext_b64).decode()
-
-
+    response = client.secrets.transit.decrypt_data(
+        name="push-tokens",
+        ciphertext=ciphertext
+    )
+    plaintext_b64 = response["data"]["plaintext"]
+    return base64.b64decode(plaintext_b64).decode()