From f8c9820e2cdf4c53b176e12d5b235f2b820c948e Mon Sep 17 00:00:00 2001
From: florian <flo@meergans.org>
Date: Sat, 4 Oct 2025 22:18:51 +0200
Subject: [PATCH] Switched to HVAC Agent instead of connecting to the vault
 directly

---
 hvac_handler.py | 24 +++++-------------------
 1 file changed, 5 insertions(+), 19 deletions(-)

diff --git a/hvac_handler.py b/hvac_handler.py
index 15d8ef0..b99eff4 100644
--- a/hvac_handler.py
+++ b/hvac_handler.py
@@ -1,27 +1,13 @@
-import base64
 import hvac
+import base64
+import os
 
-
-client = hvac.Client(
-	url='http://127.0.0.1:8200',
-	token='root'
-)
+HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
+client = hvac.Client(url=HVAC_AGENT_URL)
 
 def encrypt_token(token: str) -> str:
 	response = client.secrets.transit.encrypt_data(
 		name='push-tokens',
 		plaintext=base64.b64encode(token.encode()).decode()
 	)
-	return response['data']['ciphertext']
-
-
-# Decrypt a device token (for worker use)
-def decrypt_token(ciphertext: str) -> str:
-	response = client.secrets.transit.decrypt_data(
-		name='push-tokens',
-		ciphertext=ciphertext
-	)
-	plaintext_b64 = response['data']['plaintext']
-	return base64.b64decode(plaintext_b64).decode()
-
-
+	return response['data']['ciphertext']
\ No newline at end of file