Florian
00bacba60f
Changed database lookup to look for a hashed token (that stays the same) and not a encrypted token by the vault which changes
28 lines
585 B
Python
28 lines
585 B
Python
import base64
|
|
import hvac
|
|
|
|
|
|
client = hvac.Client(
|
|
url='http://127.0.0.1:8200',
|
|
token='root'
|
|
)
|
|
|
|
def encrypt_token(token: str) -> str:
|
|
response = client.secrets.transit.encrypt_data(
|
|
name='push-tokens',
|
|
plaintext=base64.b64encode(token.encode()).decode()
|
|
)
|
|
return response['data']['ciphertext']
|
|
|
|
|
|
# Decrypt a device token (for worker use)
|
|
def decrypt_token(ciphertext: str) -> str:
|
|
response = client.secrets.transit.decrypt_data(
|
|
name='push-tokens',
|
|
ciphertext=ciphertext
|
|
)
|
|
plaintext_b64 = response['data']['plaintext']
|
|
return base64.b64decode(plaintext_b64).decode()
|
|
|
|
|