Output a Key Vault Secrets report

Project description

azure-key-vault-report


Description

Generates a plain-text report of the secrets in the specified Key Vault.
A JSON payload (MS Teams) with the report included as an HTML table may also be generated.

The table is sorted (from top to bottom) by:

  • the oldest Expiration date, then by
  • the oldest Last Updated date

The table also contains a Comment column, which may include info about:

  • Days until the secret expires
  • Days since the secret expired
  • Info if the secret has no expiration date set
  • Days since the Secret was last updated

The generate_report method accepts the following arguments:

  • expire_threshold : int
    Skip the record if the number of days until the secret expires is more than the specified value.
    NOTE: Secrets that expire today or have already expired will always be reported.
    Default: None
  • ignore_no_expiration : bool
    Report all records if set to False. If set to True, only secrets with an Expiration Date set will be reported.
    Default: True
  • include_all : bool
    If set to True, all records are included in the output.
    Default: False
  • teams_json : bool
    If set to True, a JSON payload with the report as an HTML table will also be generated.
    Default: False

The raw list used to generate the report is fetched by invoking the following shell command as a subprocess:
az keyvault secret list --vault-name NAME-OF-THE-KEY-VAULT
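
The sorting, comment and filtering rules described above, applied to JSON in the shape `az keyvault secret list` prints. This is an added example, not the package's own code: `build_rows`, the sample records and the "Expires today." wording are assumptions. With the reference date 2023-12-04 the comments match the sample output under Usage.

```python
import json
from datetime import date, datetime

# Added example, not the package's code. Constructed sample in the shape
# `az keyvault secret list` returns (names and dates are made up).
SAMPLE = json.dumps([
    {"name": "superSecret", "attributes": {"updated": "2023-10-31T08:00:00+00:00", "expires": "2024-06-25T00:00:00+00:00"}},
    {"name": "ohhSooSecret", "attributes": {"updated": "2020-12-15T08:00:00+00:00", "expires": None}},
    {"name": "st-verySecretSecret", "attributes": {"updated": "2022-02-16T08:00:00+00:00", "expires": "2022-09-09T00:00:00+00:00"}},
    {"name": "farAwaySecret", "attributes": {"updated": "2023-11-01T08:00:00+00:00", "expires": "2026-01-01T00:00:00+00:00"}},
])


def _day(value):
    """Date part of an ISO 8601 timestamp, or None when the field is unset."""
    return datetime.fromisoformat(value).date() if value else None


def build_rows(raw_json, today, expire_threshold=None, ignore_no_expiration=True):
    """Return (name, updated, expires, comment) rows, oldest expiration first."""
    rows = []
    for item in json.loads(raw_json):
        attrs = item.get("attributes") or {}
        updated, expires = _day(attrs.get("updated")), _day(attrs.get("expires"))
        if expires is None:
            if ignore_no_expiration:
                continue
            comment = "Has no expiration date."
        else:
            left = (expires - today).days
            # Expired or expiring-today secrets always pass the threshold check.
            if expire_threshold is not None and left > expire_threshold:
                continue
            if left < 0:
                comment = f"Expired {-left} days ago."
            elif left == 0:
                comment = "Expires today."
            else:
                comment = f"Will expire in {left} days."
        if updated:
            comment += f" Updated {(today - updated).days} days ago."
        rows.append((item.get("name", ""), updated, expires, comment))
    # Dated secrets first (oldest expiration, then oldest update); undated ones last.
    rows.sort(key=lambda r: (r[2] is None, r[2] or date.max, r[1] or date.max))
    return rows
```

Only metadata (name, updated, expires) is read here; the secret values themselves are not part of the `list` output.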

The default MS Teams base payload:

{
  "@type": "MessageCard",
  "@context": "http://schema.org/extensions",
  "themeColor": "0076D7",
  "summary": "-",
  "sections": [
    {
      "activityTitle": "<VAULT NAME>",
      "activitySubtitle": "",
      "activityImage": "",
      "facts": [],
      "markdown": true
    },
    {
      "startGroup": true,
      "text": ""
    }
  ]
}

activityTitle and facts will be generated and added.


Installation

pip install ops-py-azure-key-vault-report


Usage

Example code:

from azure_key_vault_report import azure_key_vault_report

name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report()
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
 Secret Name                                       | Last Updated      | Expiration        | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
 st-verySecretSecret                               | 2022-02-16        | 2022-09-09        | Expired 451 days ago. Updated 656 days ago.
 superSecret                                       | 2023-10-31        | 2024-06-25        | Will expire in 204 days. Updated 34 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
 Secrets updated in the last year.........: 26
 Secrets NOT updated in the last year.....: 14
 Secrets NOT updated for the last 2 years.: 36
 Secrets missing Expiration Date..........: 74
 Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------


kv_report.generate_report(include_all=True)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
 Secret Name                                       | Last Updated      | Expiration        | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
 st-verySecretSecret                               | 2022-02-16        | 2022-09-09        | Expired 451 days ago. Updated 656 days ago.
 superSecret                                       | 2023-10-31        | 2024-06-25        | Will expire in 204 days. Updated 34 days ago.
 ohhSooSecret                                      | 2020-12-15        |                   | Has no expiration date. Updated 1084 days ago.
 ThisWIllAlwaysBeMySecret                          | 2021-01-13        |                   | Has no expiration date. Updated 1055 days ago.
 ForgotMySecret                                    | 2021-02-04        |                   | Has no expiration date. Updated 1033 days ago.
 ...
 ---------------------------------------------------------------------------------------------------------------------------------------------
 Secrets updated in the last year.........: 26
 Secrets NOT updated in the last year.....: 14
 Secrets NOT updated for the last 2 years.: 36
 Secrets missing Expiration Date..........: 148
 Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------


kv_report.generate_report(expire_threshold=90)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
 Secret Name                                       | Last Updated      | Expiration        | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
 st-verySecretSecret                               | 2022-02-16        | 2022-09-09        | Expired 451 days ago. Updated 656 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
 Secrets updated in the last year.........: 26
 Secrets NOT updated in the last year.....: 14
 Secrets NOT updated for the last 2 years.: 36
 Secrets missing Expiration Date..........: 148
 Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------

MS Teams payload

import json
from azure_key_vault_report import azure_key_vault_report

name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report(teams_json=True)
report = kv_report.get_json_output()
payload = json.dumps(report)
print(payload)

{"@type": "MessageCard", "@context": "http://schema.org/extensions", "themeColor": "0076D7", "summary": "-", "sections": [{"activityTitle":...

Download files

Source Distribution

ops-py-azure-key-vault-report-1.0.4.tar.gz (10.8 kB)

Built Distribution

ops_py_azure_key_vault_report-1.0.4-py3-none-any.whl