Output a Key Vault Secrets report
Project description
azure-key-vault-report
Description
Generates a plain text report of secrets in the specified Key Vault.
A json payload (MS Teams) with the report included as a html table may also be generated.
Then table is generated and sorted (from top to bottom) by:
- the oldest
Expiration
date, then by - the oldest
Last Updated
date
The table also contains a Comment
columns, which may include info about:
- Days to when the secret will expire
- Days since the secret expired
- Info if the secret has no expiration date set
- Days since the Secret was last updated
The generate_report method accepts the following argument
expire_threshold
:int
Ignore to report the record if days till the secret will expire are more than specified value.
NOTE: Secrets expiring today or has already expired will always be reported.
Default:None
ignore_no_expiration
:bool
Report all records if set toFalse
. If set toTrue
only secrets withExpiration Date
set will be reported.
Default:True
include_all
:bool
If set toTrue
all records are included in the output.
Default:False
teams_json
:bool
If set toTrue
a json payload with the report as html table will also be generated.
Default:False
The raw list, which is used to generate the report, is fetched by invoking the following shell command as subprocess:
az keyvault secret list --vault-name NAME-OF-THE-KEY-VAULT
The default MS Team base payload
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "0076D7",
"summary": "-",
"sections": [
{
"activityTitle": "<VAULT NAME>",
"activitySubtitle": "",
"activityImage": "",
"facts": [],
"markdown": true
},
{
"startGroup": true,
"text": ""
}
]
}
activityTitle
and facts
will be generated and added.
Installation
pip install ops-py-azure-key-vault-report
Usage
Example code:
from azure_key_vault_report import azure_key_vault_report
name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report()
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
Secret Name | Last Updated | Expiration | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
st-verySecretSecret | 2022-02-16 | 2022-09-09 | Expired 451 days ago. Updated 656 days ago.
superSecret | 2023-10-31 | 2024-06-25 | Will expire in 204 days. Updated 34 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
Secrets updated in the last year.........: 26
Secrets NOT updated in the last year.....: 14
Secrets NOT updated for the last 2 years.: 36
Secrets missing Expiration Date..........: 74
Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------
kv_report.generate_report(include_all=True)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
Secret Name | Last Updated | Expiration | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
st-verySecretSecret | 2022-02-16 | 2022-09-09 | Expired 451 days ago. Updated 656 days ago.
superSecret | 2023-10-31 | 2024-06-25 | Will expire in 204 days. Updated 34 days ago.
ohhSooSecret | 2020-12-15 | | Has no expiration date. Updated 1084 days ago.
ThisWIllAlwaysBeMySecret | 2021-01-13 | | Has no expiration date. Updated 1055 days ago.
ForgotMySecret | 2021-02-04 | | Has no expiration date. Updated 1033 days ago.
...
---------------------------------------------------------------------------------------------------------------------------------------------
Secrets updated in the last year.........: 26
Secrets NOT updated in the last year.....: 14
Secrets NOT updated for the last 2 years.: 36
Secrets missing Expiration Date..........: 148
Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------
kv_report.generate_report(expire_threshold=90)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
Secret Name | Last Updated | Expiration | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
st-verySecretSecret | 2022-02-16 | 2022-09-09 | Expired 451 days ago. Updated 656 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
Secrets updated in the last year.........: 26
Secrets NOT updated in the last year.....: 14
Secrets NOT updated for the last 2 years.: 36
Secrets missing Expiration Date..........: 148
Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------
MS Teams payload
import json
from azure_key_vault_report import azure_key_vault_report
name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report(teams_json=True)
report = kv_report.get_json_output()
payload = json.dumps(report)
print(payload)
{"@type": "MessageCard", "@context": "http://schema.org/extensions", "themeColor": "0076D7", "summary": "-", "sections": [{"activityTitle":...
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ops-py-azure-key-vault-report-1.0.2.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 1a4b7a7976e4d550c65eec30b727138899b7a4c3c0de977dce74359ccc7b3682 |
|
MD5 | 92425b1e4df2ebdd5e46be58fa7dfb2e |
|
BLAKE2b-256 | 1e92b9883239beea364b9c643c8b2161a6764b94ccd71fc270f93aba2bc58829 |
Hashes for ops_py_azure_key_vault_report-1.0.2-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 35632ff5910a161efc9c4586eff54457b97c37fdd91d83863d4610279e47df8c |
|
MD5 | c80b6e8c08246fe10fc67682b951b725 |
|
BLAKE2b-256 | 1acb7343d2d8cf8d1c0f36853a5b1c5297d17054c5507e14184113409e256bcf |