feat: add infisical config and upload script

2026-02-01 13:20:45 +00:00
parent b9e7cccaaf
commit ab20993993
2 changed files with 108 additions and 0 deletions
--- a/upload_to_infisical.py
+++ b/upload_to_infisical.py
@@ -0,0 +1,103 @@
+#!/usr/bin/env python3
+"""上传 .env 文件到 Infisical"""
+
+import os
+import re
+import requests
+
+INFISICAL_URL = "https://infisical.seekkey.eu.org/api"
+TOKEN = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdXRoTWV0aG9kIjoiZW1haWwiLCJhdXRoVG9rZW5UeXBlIjoiYWNjZXNzVG9rZW4iLCJ1c2VySWQiOiJkY2NkYzVhYS04OTU0LTQwMmEtOWJkMi00OGM0NmNmZTVkZWQiLCJ0b2tlblZlcnNpb25JZCI6IjE4ZTlhMWEwLThmZTItNGE1MS1hMGQ4LTJiMWVmOTcyNDNiNiIsImFjY2Vzc1ZlcnNpb24iOjEsIm9yZ2FuaXphdGlvbklkIjoiNTI3NjU4ZGQtNWUwZS00NzAzLThiMDktOGNkZmFhZTk2YmIwIiwiaWF0IjoxNzY5ODMyNzI5LCJleHAiOjE3NzA2OTY3Mjl9.OcAUDeioCFNCXx6OjuTjzlgg9AKWPS0EIJr4K87aH1Q"
+WORKSPACE_ID = "9946b650-e08b-40d9-8e28-a55e3b19ec94"
+ENVIRONMENT = "dev"
+
+def parse_env_file(filepath):
+    """解析 .env 文件，返回 key-value 字典"""
+    secrets = {}
+    with open(filepath, 'r') as f:
+        for line in f:
+            line = line.strip()
+            # 跳过空行和注释
+            if not line or line.startswith('#') or line.startswith('---'):
+                continue
+            # 匹配 KEY=VALUE 格式
+            match = re.match(r'^([A-Za-z_][A-Za-z0-9_]*)=(.*)$', line)
+            if match:
+                key = match.group(1)
+                value = match.group(2)
+                secrets[key] = value
+    return secrets
+
+def upload_secret(key, value):
+    """使用 Infisical API 上传单个 secret"""
+    headers = {
+        "Authorization": f"Bearer {TOKEN}",
+        "Content-Type": "application/json"
+    }
+    
+    # 获取工作区的加密密钥
+    url = f"{INFISICAL_URL}/v3/secrets/{key}"
+    params = {
+        "workspaceId": WORKSPACE_ID,
+        "environment": ENVIRONMENT,
+        "type": "shared"
+    }
+    
+    # 先检查 secret 是否存在
+    response = requests.get(url, headers=headers, params=params)
+    
+    if response.status_code == 200:
+        # 更新现有 secret
+        secret_id = response.json().get('secret', {}).get('id')
+        update_url = f"{INFISICAL_URL}/v3/secrets/{secret_id}"
+        data = {
+            "workspaceId": WORKSPACE_ID,
+            "environment": ENVIRONMENT,
+            "type": "shared",
+            "secretValue": value
+        }
+        response = requests.patch(update_url, headers=headers, json=data)
+        action = "更新"
+    elif response.status_code == 404:
+        # 创建新 secret - 使用批量创建 API
+        create_url = f"{INFISICAL_URL}/v3/secrets/batch/raw"
+        data = {
+            "workspaceId": WORKSPACE_ID,
+            "environment": ENVIRONMENT,
+            "secrets": [{
+                "secretKey": key,
+                "secretValue": value,
+                "type": "shared"
+            }]
+        }
+        response = requests.post(create_url, headers=headers, json=data)
+        action = "创建"
+    else:
+        print(f"❌ 检查 {key} 失败: {response.status_code}")
+        return False
+    
+    if response.status_code in [200, 201]:
+        print(f"✅ {action}: {key}")
+        return True
+    else:
+        print(f"❌ {action} {key} 失败: {response.status_code} - {response.text[:100]}")
+        return False
+
+def main():
+    env_file = "/home/ben/terraform/.env"
+    secrets = parse_env_file(env_file)
+    
+    print(f"📤 开始上传 {len(secrets)} 个 secrets 到 Infisical...")
+    print(f"   工作区: {WORKSPACE_ID}")
+    print(f"   环境: {ENVIRONMENT}")
+    print()
+    
+    success_count = 0
+    for key, value in secrets.items():
+        if upload_secret(key, value):
+            success_count += 1
+    
+    print()
+    print(f"🎉 完成! 成功上传 {success_count}/{len(secrets)} 个 secrets")
+
+if __name__ == "__main__":
+    main()