jwt-rs256

#!/usr/bin/env python3
import jwt
from datetime import datetime, timedelta, UTC

with open("private.pem", "r") as f:
    private_key = f.read()

headers = {
    "alg": "RS256",
    "typ": "JWT",
    "kid": "jenkins-oidc-token"
}

now = datetime.now(UTC)
payload = {
    "iss": "nulloidc",
    "aud": "vault",
    "exp": int((now + timedelta(minutes=30)).timestamp()),
    "iat": int(now.timestamp()),
    "job_name": "main-build",
    "sub": "${JOB_URL}",
    "build_number": 7
}

token = jwt.encode(payload, private_key, algorithm="RS256", headers=headers)

print(token)