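import random
import os
import secrets
import string
import subprocess

import ruamel.yaml

yaml = ruamel.yaml.YAML()


def generate_random_string(length):
    """Return a random string of ASCII letters and digits.

    The characters are drawn with ``secrets.choice`` (the operating system's
    CSPRNG). The ``random`` module is a Mersenne Twister whose output is
    predictable and must not be used for passwords or encryption keys, which
    is what every caller in this file uses the result for.

    Args:
        length: Number of characters to generate.

    Returns:
        A string of ``length`` characters from ``[A-Za-z0-9]``.
    """
    characters = string.ascii_letters + string.digits
    return "".join(secrets.choice(characters) for _ in range(length))


def generate_secrets_file(secrets_file, git_sync_password):
    """Write a freshly generated secrets YAML file and encrypt it with sops.

    The plaintext document is written to ``secrets_file`` and then encrypted
    in place by ``sops -e --in-place`` using the HashiCorp Vault transit key
    given on the command line below.

    Args:
        secrets_file: Path of the YAML file to create (overwritten if present).
        git_sync_password: Value stored under ``logstash.gitSync.password``.

    Side effects:
        If sops exits non-zero, the error is printed and the plaintext file is
        removed, so unencrypted secrets are not left on disk. If sops cannot
        be started at all, the plaintext file is removed and the ``OSError``
        propagates to the caller.
    """
    # NOTE(review): the 8-character values give roughly 47 bits of entropy
    # (62^8); consider longer values for the built-in and custom users and the
    # keystore/truststore passwords.
    secret_values = {
        "elasticsearch": {
            "config": {
                "rbac": {
                    "builtinUsers": {
                        "apm_system": generate_random_string(8),
                        "beats_system": generate_random_string(8),
                        "elastic": generate_random_string(8),
                        "kibana_system": generate_random_string(8),
                        "logstash_system": generate_random_string(8),
                        "remote_monitoring_user": generate_random_string(8),
                    },
                    "customUsers": {
                        "logstash_internal": {
                            "password": generate_random_string(8)
                        },
                        "logstash_writer": {
                            "password": generate_random_string(8)
                        },
                        # NOTE(review): fixed, guessable password shared by
                        # every generated file. Kept as-is because consumers
                        # may depend on it; confirm and switch to a generated
                        # value if possible.
                        "prometheus": {"password": "monitor"},
                    },
                }
            }
        },
        "kibana": {
            "config": {
                "encryption": {
                    "common": generate_random_string(32),
                    "reporting": generate_random_string(32),
                    "savedObjects": generate_random_string(32),
                }
            }
        },
        "logstash": {
            "gitSync": {"password": git_sync_password},
            "password": generate_random_string(32),
        },
        "oauthProxy": {
            "clientSecret": generate_random_string(20),
            "cookie_secret": generate_random_string(32),
        },
        "tls": {
            "externalCertificates": {
                # Presumably a placeholder the operator replaces with the real
                # key from another sops file; verify before deploying.
                "kibana": {"tls_key": "ImportMeFromSopsFile"}
            },
            "keystorePassword": generate_random_string(8),
            "truststorePassword": generate_random_string(8),
        },
    }

    # The file holds plaintext secrets until sops has run, so create it
    # owner-only instead of relying on the process umask.
    fd = os.open(secrets_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as file:
        # os.open() applies the mode only when it creates the file; tighten a
        # pre-existing file before any secret is written to it.
        os.chmod(secrets_file, 0o600)
        yaml.dump(secret_values, file)

    try:
        subprocess.run(
            [
                "sops",
                "-e",
                "--in-place",
                "--hc-vault-transit=https://vault.laas.cloud.itz.in.bund.de/v1/sops/key/laas-bn-infra",
                secrets_file,
            ],
            check=True,
            # Capture stderr so the handler below reports the sops message;
            # without capturing, e.stderr is always None.
            stderr=subprocess.PIPE,
            text=True,
        )
    except subprocess.CalledProcessError as e:
        print(f"Error: {e.returncode}\n{e.stderr}")
        # Encryption failed: do not leave unencrypted secrets behind where a
        # later step could pick them up or commit them.
        if os.path.exists(secrets_file):
            os.remove(secrets_file)
        print(f"Removed unencrypted secrets file: {secrets_file}")
    except OSError:
        # sops could not be started (e.g. not installed); same cleanup, but
        # keep raising as before so the caller sees the failure.
        if os.path.exists(secrets_file):
            os.remove(secrets_file)
        raise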