
Output a Key Vault Secrets report

azure-key-vault-report


Description

Generates a plain-text report of the secrets in the specified Key Vault.
A JSON payload (MS Teams) with the report included as an HTML table may also be generated.

The table is generated and sorted (from top to bottom) by:

  • the oldest Expiration date, then by
  • the oldest Last Updated date

The table also contains a Comment column, which may include info about:

  • Days to when the secret will expire
  • Days since the secret expired
  • Info if the secret has no expiration date set
  • Days since the Secret was last updated

The generate_report method accepts the following arguments:

  • expire_threshold : int
    Skip the record if the number of days until the secret expires is greater than the specified value.
    NOTE: Secrets that expire today or have already expired are always reported.
    Default: None
  • ignore_no_expiration : bool
    If set to False, all records are reported. If set to True, only secrets with an Expiration Date set are reported.
    Default: True
  • include_all : bool
    If set to True, all records are included in the output.
    Default: False
  • teams_json : bool
    If set to True, a JSON payload with the report as an HTML table is also generated.
    Default: False

The raw list, which is used to generate the report, is fetched by invoking the following shell command as a subprocess:
az keyvault secret list --vault-name NAME-OF-THE-KEY-VAULT
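
The filtering and sorting rules described above, applied to the attributes returned by az keyvault secret list. This is an added example, not the package's own code: build_rows, RAW and NOW are hypothetical names, the input is a constructed sample, and the "Expires today." wording is an assumption.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like `az keyvault secret list` output (unused fields trimmed).
RAW = json.dumps([
    {"name": "superSecret", "attributes": {
        "updated": "2023-10-31T08:00:00+00:00", "expires": "2024-06-25T08:00:00+00:00"}},
    {"name": "st-verySecretSecret", "attributes": {
        "updated": "2022-02-16T08:00:00+00:00", "expires": "2022-09-09T08:00:00+00:00"}},
    {"name": "ohhSooSecret", "attributes": {
        "updated": "2020-12-15T08:00:00+00:00", "expires": None}},
])
NOW = datetime(2023, 12, 4, tzinfo=timezone.utc)  # fixed "today" so the output is reproducible


def build_rows(raw, now, expire_threshold=None, ignore_no_expiration=True, include_all=False):
    """Hypothetical helper (not the package's code): filter, comment and sort secrets."""
    rows = []
    for item in json.loads(raw):
        attrs = item["attributes"]
        updated = datetime.fromisoformat(attrs["updated"])
        expires = datetime.fromisoformat(attrs["expires"]) if attrs.get("expires") else None
        if expires is None:
            if ignore_no_expiration and not include_all:
                continue
            comment = "Has no expiration date."
        else:
            left = (expires.date() - now.date()).days
            # The threshold only hides secrets that are still far from expiry;
            # expired (left < 0) and expiring-today (left == 0) secrets always pass.
            if not include_all and expire_threshold is not None and left > expire_threshold:
                continue
            if left < 0:
                comment = f"Expired {-left} days ago."
            elif left == 0:
                comment = "Expires today."  # assumed wording, not taken from the package
            else:
                comment = f"Will expire in {left} days."
        comment += f" Updated {(now.date() - updated.date()).days} days ago."
        rows.append((item["name"], updated, expires, comment))
    # Oldest expiration first, then oldest update; secrets without expiration go last.
    rows.sort(key=lambda r: (r[2] is None, r[2] or r[1], r[1]))
    return [(name, comment) for name, _, _, comment in rows]


if __name__ == "__main__":
    for name, comment in build_rows(RAW, NOW, include_all=True):
        print(f"{name:<24} | {comment}")
```
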

The default MS Teams base payload:

{
  "@type": "MessageCard",
  "@context": "http://schema.org/extensions",
  "themeColor": "0076D7",
  "summary": "-",
  "sections": [
    {
      "activityTitle": "<VAULT NAME>",
      "activitySubtitle": "",
      "activityImage": "",
      "facts": [],
      "markdown": true
    },
    {
      "startGroup": true,
      "text": ""
    }
  ]
}

activityTitle and facts will be generated and added.


Installation

pip install ops-py-azure-key-vault-report


Usage

Example code:

from azure_key_vault_report import azure_key_vault_report

name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report()
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)

---------------------------------------------------------------------------------------------------------------------------------------------
 Secret Name                                       | Last Updated      | Expiration        | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
 st-verySecretSecret                               | 2022-02-16        | 2022-09-09        | Expired 451 days ago. Updated 656 days ago.
 superSecret                                       | 2023-10-31        | 2024-06-25        | Will expire in 204 days. Updated 34 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
 Secrets updated in the last year.........: 26
 Secrets NOT updated in the last year.....: 14
 Secrets NOT updated for the last 2 years.: 36
 Secrets missing Expiration Date..........: 74
 Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------


kv_report.generate_report(include_all=True)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)

---------------------------------------------------------------------------------------------------------------------------------------------
 Secret Name                                       | Last Updated      | Expiration        | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
 st-verySecretSecret                               | 2022-02-16        | 2022-09-09        | Expired 451 days ago. Updated 656 days ago.
 superSecret                                       | 2023-10-31        | 2024-06-25        | Will expire in 204 days. Updated 34 days ago.
 ohhSooSecret                                      | 2020-12-15        |                   | Has no expiration date. Updated 1084 days ago.
 ThisWIllAlwaysBeMySecret                          | 2021-01-13        |                   | Has no expiration date. Updated 1055 days ago.
 ForgotMySecret                                    | 2021-02-04        |                   | Has no expiration date. Updated 1033 days ago.
 ...
 ---------------------------------------------------------------------------------------------------------------------------------------------
 Secrets updated in the last year.........: 26
 Secrets NOT updated in the last year.....: 14
 Secrets NOT updated for the last 2 years.: 36
 Secrets missing Expiration Date..........: 148
 Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------


kv_report.generate_report(expire_threshold=90)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)

---------------------------------------------------------------------------------------------------------------------------------------------
 Secret Name                                       | Last Updated      | Expiration        | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
 st-verySecretSecret                               | 2022-02-16        | 2022-09-09        | Expired 451 days ago. Updated 656 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
 Secrets updated in the last year.........: 26
 Secrets NOT updated in the last year.....: 14
 Secrets NOT updated for the last 2 years.: 36
 Secrets missing Expiration Date..........: 148
 Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------

MS Teams payload

import json
from azure_key_vault_report import azure_key_vault_report

name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report(teams_json=True)
report = kv_report.get_json_output()
payload = json.dumps(report)
print(payload)

{"@type": "MessageCard", "@context": "http://schema.org/extensions", "themeColor": "0076D7", "summary": "-", "sections": [{"activityTitle":...
