Removed HVAC handler and changed deployment to Kubernetes
@@ -1,14 +1,13 @@
|
||||
import mysql.connector
|
||||
from mysql.connector import pooling
|
||||
import threading
|
||||
from hvac_handler import get_secret
|
||||
from secret_handler import return_credentials
|
||||
import os
|
||||
import time
|
||||
import sys
|
||||
|
||||
|
||||
db_username = get_secret("secret/api/db", "username")
|
||||
db_password = get_secret("secret/api/db", "password")
|
||||
db_username = return_credentials("/etc/secrets/db_username")
|
||||
db_password = return_credentials("/etc/secrets/db_password")
|
||||
db_host = os.getenv("BACKEND_API_DB_HOST","localhost")
|
||||
db_database = os.getenv("BACKEND_API_DB_DATABASE","app")
|
||||
|
||||
|
||||
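Review bot: Importing `return_credentials` from `secret_handler` makes this module depend on `/etc/secrets/encryption_key` being present, because `secret_handler` opens that file and constructs `Fernet` at import time, although only the two credential files are needed here. The removed `get_secret` printed a message and called `sys.exit(1)` on failure, whereas a missing or unreadable `/etc/secrets/db_username` now surfaces as an unhandled exception during import. Consider guarding the two reads, for example with `except OSError as e: sys.exit(f"Cannot read DB credentials: {e}")`, or moving `return_credentials` into a module that has no key-loading side effect. Only the top of the file is visible in this hunk.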
@@ -1,43 +0,0 @@
|
||||
import hvac
|
||||
import base64
|
||||
import os
|
||||
import time
|
||||
import sys
|
||||
|
||||
HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
|
||||
|
||||
MAX_RETRIES = 5
|
||||
BACKOFF = 5
|
||||
|
||||
def get_client():
|
||||
for attempt in range(1, MAX_RETRIES+1):
|
||||
try:
|
||||
client = hvac.Client(url=HVAC_AGENT_URL)
|
||||
if client.is_authenticated():
|
||||
return client
|
||||
raise Exception("Not authenticated")
|
||||
except Exception as e:
|
||||
print(f"Vault connection failed (attempt {attempt}/{MAX_RETRIES}): {e}")
|
||||
time.sleep(BACKOFF * attempt)
|
||||
print("Vault unreachable after retries. Exiting.")
|
||||
sys.exit(1)
|
||||
|
||||
client = get_client()
|
||||
|
||||
def get_secret(path:str, key:str):
|
||||
try:
|
||||
secret = client.secrets.kv.v2.read_secret_version(
|
||||
mount_point="kv",
|
||||
path=path
|
||||
)
|
||||
return secret["data"]["data"][key]
|
||||
except Exception as e:
|
||||
print(f"Failed to fetch secret '{path}:{key}': {e}")
|
||||
sys.exit(1)
|
||||
|
||||
def encrypt_token(token: str) -> str:
|
||||
response = client.secrets.transit.encrypt_data(
|
||||
name='push-tokens',
|
||||
plaintext=base64.b64encode(token.encode()).decode()
|
||||
)
|
||||
return response['data']['ciphertext']
|
||||
@@ -5,7 +5,7 @@ from starlette.exceptions import HTTPException as StarletteHTTPException
|
||||
from typing import Optional,List
|
||||
from pydantic import BaseModel
|
||||
from validator import is_valid_platform,is_valid_token,verify_api_key
|
||||
from hvac_handler import encrypt_token
|
||||
from secret_handler import encrypt_token
|
||||
from db import get_db
|
||||
from logger_handler import setup_logger
|
||||
import uuid
|
||||
|
||||
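Review bot: `encrypt_token` now comes from `secret_handler`, which produces Fernet tokens rather than Vault transit ciphertext, so any push tokens already stored under the transit key `push-tokens` cannot be read back with the new `decrypt_token`. If such rows exist, a migration or re-registration step is needed; none is visible on this page. A short comment beside the import, e.g. `# Fernet-based; not compatible with earlier Vault transit ciphertexts`, would record the break for the next maintainer.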
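--- a/src/secret_handler.py
+++ b/src/secret_handler.py
@@ -0,0 +1,16 @@
+from cryptography.fernet import Fernet
+
+with open("/etc/secrets/encryption_key","rb") as file:
+encryption_key = file.read()
+
+fernet = Fernet(encryption_key)
+
+def encrypt_token(token:str)->str:
+return fernet.encrypt(token.encode()).decode()
+
+def decrypt_token(token:str)->str:
+return fernet.decrypt(token.encode()).decode()
+
+def return_credentials(path: str)->str:
+with open (path) as file:
+return file.read()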
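Review bot: `return_credentials` returns the file content unmodified, so a trailing newline in a mounted secret file (common when the secret was created from a text file) would end up inside the database username and password; `return file.read().strip()` avoids that. The module also loads a single key from the hard-coded path `/etc/secrets/encryption_key` at import time, which leaves no way to rotate the key without losing the ability to decrypt tokens already stored; `MultiFernet` from the same package accepts a list of keys for that purpose. A module docstring stating that the key file must hold a URL-safe base64-encoded 32-byte Fernet key, and that the files under `/etc/secrets` should be readable only by the service account, would help whoever provisions the secret.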