Output a Key Vault Secrets report
Project description
azure-key-vault-report
Description
Generates a plain text report of secrets in the specified Key Vault.
A json payload (MS Teams) with the report included as a html table may also be generated.
Then table is generated and sorted (from top to bottom) by:
- the oldest
Expiration
date, then by - the oldest
Last Updated
date
The table also contains a Comment
columns, which may include info about:
- Days to when the secret will expire
- Days since the secret expired
- Info if the secret has no expiration date set
- Days since the Secret was last updated
The generate_report method accepts the following argument
expire_threshold
:int
Ignore to report the record if days till the secret will expire are more than specified value.
NOTE: Secrets expiring today or has already expired will always be reported.
Default:None
ignore_no_expiration
:bool
Report all records if set toFalse
. If set toTrue
only secrets withExpiration Date
set will be reported.
Default:True
include_all
:bool
If set toTrue
all records are included in the output.
Default:False
teams_json
:bool
If set toTrue
a json payload with the report as html table will also be generated.
Default:False
The raw list, which is used to generate the report, is fetched by invoking the following shell command as subprocess:
az keyvault secret list --vault-name NAME-OF-THE-KEY-VAULT
The default MS Team base payload
{
"@type": "MessageCard",
"@context": "http://schema.org/extensions",
"themeColor": "0076D7",
"summary": "-",
"sections": [
{
"activityTitle": "<VAULT NAME>",
"activitySubtitle": "",
"activityImage": "",
"facts": [],
"markdown": true
},
{
"startGroup": true,
"text": ""
}
]
}
activityTitle
and facts
will be generated and added.
Installation
pip install ops-py-azure-key-vault-report
Usage
Example code:
from azure_key_vault_report import azure_key_vault_report
name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report()
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
Secret Name | Last Updated | Expiration | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
st-verySecretSecret | 2022-02-16 | 2022-09-09 | Expired 451 days ago. Updated 656 days ago.
superSecret | 2023-10-31 | 2024-06-25 | Will expire in 204 days. Updated 34 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
Secrets updated in the last year.........: 26
Secrets NOT updated in the last year.....: 14
Secrets NOT updated for the last 2 years.: 36
Secrets missing Expiration Date..........: 74
Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------
kv_report.generate_report(include_all=True)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
Secret Name | Last Updated | Expiration | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
st-verySecretSecret | 2022-02-16 | 2022-09-09 | Expired 451 days ago. Updated 656 days ago.
superSecret | 2023-10-31 | 2024-06-25 | Will expire in 204 days. Updated 34 days ago.
ohhSooSecret | 2020-12-15 | | Has no expiration date. Updated 1084 days ago.
ThisWIllAlwaysBeMySecret | 2021-01-13 | | Has no expiration date. Updated 1055 days ago.
ForgotMySecret | 2021-02-04 | | Has no expiration date. Updated 1033 days ago.
...
---------------------------------------------------------------------------------------------------------------------------------------------
Secrets updated in the last year.........: 26
Secrets NOT updated in the last year.....: 14
Secrets NOT updated for the last 2 years.: 36
Secrets missing Expiration Date..........: 148
Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------
kv_report.generate_report(expire_threshold=90)
kv_report.set_report_footer()
report = kv_report.get_report()
print(report)
---------------------------------------------------------------------------------------------------------------------------------------------
Secret Name | Last Updated | Expiration | Comment
---------------------------------------------------------------------------------------------------------------------------------------------
st-verySecretSecret | 2022-02-16 | 2022-09-09 | Expired 451 days ago. Updated 656 days ago.
---------------------------------------------------------------------------------------------------------------------------------------------
Secrets updated in the last year.........: 26
Secrets NOT updated in the last year.....: 14
Secrets NOT updated for the last 2 years.: 36
Secrets missing Expiration Date..........: 148
Total number of secrets..................: 76
---------------------------------------------------------------------------------------------------------------------------------------------
MS Teams payload
import json
from azure_key_vault_report import azure_key_vault_report
name = "kv-super-secrets"
kv_report = azure_key_vault_report.AzureKeyVaultReport(name)
kv_report.az_cmd()
kv_report.parse_results()
kv_report.generate_report(teams_json=True)
report = kv_report.get_json_output()
payload = json.dumps(report)
print(payload)
{"@type": "MessageCard", "@context": "http://schema.org/extensions", "themeColor": "0076D7", "summary": "-", "sections": [{"activityTitle":...
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ops-py-azure-key-vault-report-1.0.3.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 966b72cb6ae520f4394c1d8eceebfa13d4f41f51de0d0d3adf1df662598376cc |
|
MD5 | 41c6e67bdb9f2cb3adaa8a2dc65c7ad9 |
|
BLAKE2b-256 | 36aefe92a7ebfe0419af84ea8e91a73067e44d85df720855eb6b4c54db69d681 |
Hashes for ops_py_azure_key_vault_report-1.0.3-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | da2f313af700bed06024a4b5fe9dc13945d0266c196b1c2549c794a83524d4c1 |
|
MD5 | 9a7b5875bb55dc57aa1150293a0454a3 |
|
BLAKE2b-256 | 5760f06ece14284b550d9358eec1003843053e7d9d1cf16c540ac637fc84b4d6 |