Post Key Vault Secrets report to webhook
Project description
azure-key-vault-alert
Description
Generates a Key Vault report table and summary table for one more Key Vaults using ops-py-azure-key-vault-report
The result is posted to a webhook url (WEBHOOK_REPORT
).
An additional empty notify may also be post secondary webhook url (WEBHOOK_NOTIFY
)
The result may be posted to a Slack webhook (Slack App or Slack Workflow) or to MS Teams webhook.
The post requests are handled by ops-py-message-handler.
Slack
If the url of the webhook contains slack.com
the report will be posted to Slack.
- Slack App
If the webhook containsslack.com/services
a payload for a Slack App will be generated in the following format:{"text": "*title*\n```result```"}
- Slack Workflow
If the webhook containsslack.com
, but not theslack.com/services
part, a payload for a Slack Workflow will be generated. The Workflow will have to be set up to accept aTitle
variable and aText
variable.
MS Teams
- If the url of the webhook does not contain
slack.com
a payload for MS Teams will be generated. The payload will also contain a html table of the report (if any). If nothing to report, only a summary will be posted asfacts
.
Installation
pip install ops-py-azure-key-vault-alert
Usage
Export the webhook url(s) as environment variables:
-
WEBHOOK_REPORT
The result is posted to the value of this webhook. E.g.:
export WEBHOOK_REPORT="https://hooks.slack.com/workflows/T02XYZ..."
-
WEBHOOK_NOTIFY
When the result has been posted, an additional POST is performed to the value of this webhook. E.g.:
export WEBHOOK_NOTIFY="https://hooks.slack.com/workflows/T02ZYX..."
Provide the list of Key Vaults after the -v
/ --vaults
' command line argument (space separated), e.g.:
python3 azure_key_vault_alert -v kv-prod kv-dev kv-qa
Other valid arguments:
--expire_threshold
If this argument is provided and followed by an int value,
the record will only be reported if days to the record's Expiration Date is below the threshold.
--include_no_expiration
If this argument is provided, the report will also include the records which has no Expiration Date
set.
The default behavior is simply to ignore the record which does not have a Expiration Date
set.
--include_all
If this argument is provided, the report will include all the records (verbose).
--title
The title of the message posted in Slack or MS Teams (Default: Azure Key Vault report)
--record_types
List of record types to check for. E.g. certificate secret
Valid types are: certificate secret key (Default is all: certificate secret key)
--slack_split_chars
If the Slack message is above this value it will be split into multiple posts (default: 3500).
Each post will then include a maximum of 3500 characters.
--teams_max_chars
The max characters the report can have due to the MS Teams payload size limits (default: 17367).
If the message is above this threshold then only the facts (summary) will be posted to MS Teams.
The HTML table will in this case not be included.
--stdout_only
Only print report to stdout. No POST to the Message Handler
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Hashes for ops-py-azure-key-vault-alert-4.4.1.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 95e8532bf6894f67584831dffb0519e26a9e7a5c6b6d0f608a13ba24ef226cad |
|
MD5 | 486eaa075df5c024254bb8957b8ab2df |
|
BLAKE2b-256 | 5d6c43752d479ecd69759f897070ed9f3ecb8af740d7b7bd2a36db881bd362d1 |
Hashes for ops_py_azure_key_vault_alert-4.4.1-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | 624ba79a95cc408afd36f2e279904a02c177d748955454e28d3ecfeea051700c |
|
MD5 | 4ec81092caa7f053a19acfc8c0bb4a34 |
|
BLAKE2b-256 | 10a2f87100f9191bbb8dd96c6c1ffb205caed98f902bd0a7485779f05cde2fd6 |