Switched to HVAC Agent instead of connecting to the vault directly

2025-10-04 22:18:51 +02:00 · 2025-10-04 22:18:51 +02:00 · f8c9820e2c
commit f8c9820e2c
parent b2af6fe289
1 changed files with 5 additions and 19 deletions
--- a/hvac_handler.py
+++ b/hvac_handler.py
@ -1,27 +1,13 @@
-import base64
 import hvac
+import base64
+import os

-
-client = hvac.Client(
-	url='http://127.0.0.1:8200',
-	token='root'
-)
+HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
+client = hvac.Client(url=HVAC_AGENT_URL)

 def encrypt_token(token: str) -> str:
 	response = client.secrets.transit.encrypt_data(
 		name='push-tokens',
 		plaintext=base64.b64encode(token.encode()).decode()
 	)
-	return response['data']['ciphertext']
-
-
-# Decrypt a device token (for worker use)
-def decrypt_token(ciphertext: str) -> str:
-	response = client.secrets.transit.decrypt_data(
-		name='push-tokens',
-		ciphertext=ciphertext
-	)
-	plaintext_b64 = response['data']['plaintext']
-	return base64.b64decode(plaintext_b64).decode()
-
-
+	return response['data']['ciphertext']