Created
May 20, 2022 09:37
-
-
Save sdabbour-stratio/401f67d4c258d7a2c4c1585d42ef1370 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
import sys | |
import json | |
import csv | |
import copy | |
import requests | |
vault_url = "https://vault.service.eos.prd.falabella.int:8200" | |
headers = { | |
'X-Vault-Request': 'true', | |
'X-Vault-Token': 's.BfOCMy6IRr0gErzPsGUiXiVZ', | |
'Content-Type': 'application/x-www-form-urlencoded', | |
} | |
def update_secrets(secrets_inventory, secret_file): | |
with open(secret_file, 'r') as f: | |
secret_data_basic = json.load(f) | |
with open(secrets_inventory) as csv_file: | |
csv_reader = csv.reader(csv_file, delimiter=',') | |
line_count = 0 | |
for row in csv_reader: | |
if line_count == 0: | |
# print(f'Column names are {", ".join(row)}') | |
line_count += 1 | |
else: | |
secret_path = row[0] | |
secret_name = row[1] | |
secret_data = copy.deepcopy(secret_data_basic) | |
# Update secret_data with new parentProject | |
secret_data["parentProject"] = secret_name | |
# Update the secret in Vault | |
try: | |
response = requests.put( | |
vault_url + '/v1/userland/passwords/{service_name}/{secret_name}'.format(service_name=secret_path, | |
secret_name=secret_name), | |
headers=headers, data=secret_data, verify=False) | |
print("{}, {}: {}".format(secret_path, secret_name, response.status_code)) | |
except Exception as e: | |
print("Error calling Vault API: " + str(e)) | |
line_count += 1 | |
print(f'Processed {line_count} lines.') | |
return True | |
if __name__ == '__main__': | |
args_count = len(sys.argv) | |
if args_count < 4: | |
print("Error, please provide the arguments: inventory_of_secrets.csv secret.json vault_token") | |
exit(1) | |
secrets_inventory = sys.argv[1] | |
secret_file = sys.argv[2] | |
vault_token = sys.argv[3] | |
headers["X-Vault-Token"] = vault_token | |
update_secrets(secrets_inventory, secret_file) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment