Removed HVAC handler and changed deployment to Kubernetes

Dockerfile

@@ -8,6 +8,6 @@ WORKDIR /app
 
 COPY src/ /app/
 
-ENTRYPOINT ["sh", "-c", "sleep 10 && python main.py"]
+ENTRYPOINT ["python","main.py"]
 
 

requirements.txt

@@ -2,22 +2,18 @@ annotated-types==0.7.0
 anyio==4.11.0
 argon2-cffi==25.1.0
 argon2-cffi-bindings==25.1.0
-certifi==2025.8.3
 cffi==2.0.0
-charset-normalizer==3.4.3
 click==8.3.0
+cryptography==46.0.2
 fastapi==0.118.0
 h11==0.16.0
-hvac==2.3.0
 idna==3.10
 mysql-connector-python==9.4.0
 pycparser==2.23
-pydantic==2.11.9
+pydantic==2.12.0
-pydantic_core==2.33.2
+pydantic_core==2.41.1
-requests==2.32.5
 sniffio==1.3.1
 starlette==0.48.0
 typing-inspection==0.4.2
 typing_extensions==4.15.0
-urllib3==2.5.0
 uvicorn==0.37.0

src/db.py

@@ -1,14 +1,13 @@
 import mysql.connector
-from mysql.connector import pooling
 import threading
-from hvac_handler import get_secret
+from secret_handler import return_credentials
 import os
 import time
 import sys
 
 
-db_username = get_secret("secret/api/db", "username")
+db_username = return_credentials("/etc/secrets/db_username")
-db_password = get_secret("secret/api/db", "password")
+db_password = return_credentials("/etc/secrets/db_password")
 db_host = os.getenv("BACKEND_API_DB_HOST","localhost")
 db_database = os.getenv("BACKEND_API_DB_DATABASE","app")
 

src/hvac_handler.py

@@ -1,43 +0,0 @@
-import hvac
-import base64
-import os
-import time
-import sys
-
-HVAC_AGENT_URL = os.getenv("HVAC_AGENT_URL","http://vault-agent:8201")
-
-MAX_RETRIES = 5
-BACKOFF = 5
-
-def get_client():
-	for attempt in range(1, MAX_RETRIES+1):
-		try:
-			client = hvac.Client(url=HVAC_AGENT_URL)
-			if client.is_authenticated():
-				return client
-			raise Exception("Not authenticated")
-		except Exception as e:
-			print(f"Vault connection failed (attempt {attempt}/{MAX_RETRIES}): {e}")
-			time.sleep(BACKOFF * attempt)
-	print("Vault unreachable after retries. Exiting.")
-	sys.exit(1)
-
-client = get_client()
-
-def get_secret(path:str, key:str):
-	try:
-		secret = client.secrets.kv.v2.read_secret_version(
-			mount_point="kv",
-			path=path
-		)
-		return secret["data"]["data"][key]
-	except Exception as e:
-		print(f"Failed to fetch secret '{path}:{key}': {e}")
-		sys.exit(1)
-
-def encrypt_token(token: str) -> str:
-	response = client.secrets.transit.encrypt_data(
-		name='push-tokens',
-		plaintext=base64.b64encode(token.encode()).decode()
-	)
-	return response['data']['ciphertext']

src/main.py

@@ -5,7 +5,7 @@ from starlette.exceptions import HTTPException as StarletteHTTPException
 from typing import Optional,List
 from pydantic import BaseModel
 from validator import is_valid_platform,is_valid_token,verify_api_key
-from hvac_handler import encrypt_token
+from secret_handler import encrypt_token
 from db import get_db
 from logger_handler import setup_logger
 import uuid

src/secret_handler.py

@@ -0,0 +1,16 @@
+from cryptography.fernet import Fernet
+
+with open("/etc/secrets/encryption_key","rb") as file:
+		  encryption_key = file.read()
+
+fernet = Fernet(encryption_key)
+
+def  encrypt_token(token:str)->str:
+	return fernet.encrypt(token.encode()).decode()
+
+def decrypt_token(token:str)->str:
+	return fernet.decrypt(token.encode()).decode()
+		  
+def return_credentials(path: str)->str:
+	with open (path) as file:
+	    return file.read()