tessl/pypi-azure-mgmt-recoveryservices
Microsoft Azure Recovery Services Client Library for Python providing comprehensive APIs for managing Recovery Services vaults, certificates, private endpoints, and usage monitoring.
—
Pending
Quality
Pending
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
extended-vault-info.mddocs/
Extended Vault Information
Management of additional vault metadata and extended configuration information beyond the core vault properties. Extended vault information includes algorithm settings, integrity validation parameters, and additional metadata that supports advanced backup and recovery scenarios.
Capabilities
Get Extended Vault Information
Retrieves extended information and metadata for a Recovery Services vault.
def get(resource_group_name: str, vault_name: str, **kwargs) -> VaultExtendedInfoResource:
"""
Get the vault extended info.
Parameters:
- resource_group_name: str - The name of the resource group
- vault_name: str - The name of the recovery services vault
Returns:
VaultExtendedInfoResource: Extended information resource for the vault
"""Usage Example:
# Get extended vault information
extended_info = client.vault_extended_info.get(
resource_group_name="my-rg",
vault_name="my-vault"
)
print(f"Extended Info ID: {extended_info.id}")
print(f"Extended Info Name: {extended_info.name}")
if extended_info.properties:
print(f"Integrity Key: {extended_info.properties.integrity_key}")
print(f"Encryption Key: {extended_info.properties.encryption_key}")
print(f"Encryption Key Thumbprint: {extended_info.properties.encryption_key_thumbprint}")
print(f"Algorithm: {extended_info.properties.algorithm}")Create or Update Extended Vault Information
Creates or updates extended information for a Recovery Services vault.
def create_or_update(
resource_group_name: str,
vault_name: str,
resource_extended_info_details: Union[VaultExtendedInfoResource, IO[bytes]],
**kwargs
) -> VaultExtendedInfoResource:
"""
Create vault extended info.
Parameters:
- resource_group_name: str - The name of the resource group
- vault_name: str - The name of the recovery services vault
- resource_extended_info_details: Union[VaultExtendedInfoResource, IO[bytes]] - Details for creating the vault extended info
Returns:
VaultExtendedInfoResource: The created or updated extended information resource
"""Usage Example:
from azure.mgmt.recoveryservices.models import VaultExtendedInfoResource
import base64
import os
# Generate encryption and integrity keys (simplified example)
encryption_key = base64.b64encode(os.urandom(32)).decode('utf-8')
integrity_key = base64.b64encode(os.urandom(64)).decode('utf-8')
# Create extended info resource
extended_info = VaultExtendedInfoResource(
properties={
"integrity_key": integrity_key,
"encryption_key": encryption_key,
"encryption_key_thumbprint": "sample_thumbprint",
"algorithm": "None" # or appropriate algorithm
}
)
# Create/update extended vault information
result = client.vault_extended_info.create_or_update(
resource_group_name="my-rg",
vault_name="my-vault",
resource_extended_info_details=extended_info
)
print(f"Extended info created/updated: {result.name}")
print(f"Algorithm: {result.properties.algorithm}")Update Extended Vault Information
Updates existing extended information for a Recovery Services vault.
def update(
resource_group_name: str,
vault_name: str,
resource_extended_info_details: Union[VaultExtendedInfoResource, IO[bytes]],
**kwargs
) -> VaultExtendedInfoResource:
"""
Update vault extended info.
Parameters:
- resource_group_name: str - The name of the resource group
- vault_name: str - The name of the recovery services vault
- resource_extended_info_details: Union[VaultExtendedInfoResource, IO[bytes]] - Details for updating the vault extended info
Returns:
VaultExtendedInfoResource: The updated extended information resource
"""Usage Example:
# Get current extended info
current_info = client.vault_extended_info.get("my-rg", "my-vault")
# Update with new algorithm
if current_info.properties:
updated_info = VaultExtendedInfoResource(
properties={
"integrity_key": current_info.properties.integrity_key,
"encryption_key": current_info.properties.encryption_key,
"encryption_key_thumbprint": current_info.properties.encryption_key_thumbprint,
"algorithm": "SHA256" # Updated algorithm
}
)
# Apply update
result = client.vault_extended_info.update(
resource_group_name="my-rg",
vault_name="my-vault",
resource_extended_info_details=updated_info
)
print(f"Extended info updated. New algorithm: {result.properties.algorithm}")Extended Information Types
Vault Extended Info Resource
class VaultExtendedInfoResource:
"""
Vault extended information.
Parameters:
- id: Optional[str] - Resource Id represents the complete path to the resource
- name: Optional[str] - Resource name associated with the resource
- type: Optional[str] - Resource type represents the complete path of the form Namespace/ResourceType/ResourceType/...
- e_tag: Optional[str] - Optional ETag
- properties: Optional[VaultExtendedInfo] - Extended information properties
"""Vault Extended Info Properties
class VaultExtendedInfo:
"""
Vault extended information.
Parameters:
- integrity_key: Optional[str] - Integrity key used for data integrity validation
- encryption_key: Optional[str] - Encryption key used for encrypting backup data
- encryption_key_thumbprint: Optional[str] - Encryption key thumbprint
- algorithm: Optional[str] - Algorithm used for data protection
"""Usage Patterns
Secure Extended Info Management
import base64
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
def setup_vault_extended_info_securely(client, resource_group: str, vault_name: str, passphrase: str = None):
"""
Set up extended vault information with secure key generation.
"""
try:
# Generate secure keys
encryption_key = base64.b64encode(os.urandom(32)).decode('utf-8')
integrity_key = base64.b64encode(os.urandom(64)).decode('utf-8')
# Generate thumbprint for the encryption key
key_bytes = base64.b64decode(encryption_key)
digest = hashes.Hash(hashes.SHA256())
digest.update(key_bytes)
thumbprint = base64.b64encode(digest.finalize()).decode('utf-8')[:16]
# Create extended info
extended_info = VaultExtendedInfoResource(
properties={
"integrity_key": integrity_key,
"encryption_key": encryption_key,
"encryption_key_thumbprint": thumbprint,
"algorithm": "SHA256"
}
)
# Apply to vault
result = client.vault_extended_info.create_or_update(
resource_group_name=resource_group,
vault_name=vault_name,
resource_extended_info_details=extended_info
)
print(f"✅ Extended info configured for vault: {vault_name}")
print(f"Algorithm: {result.properties.algorithm}")
print(f"Encryption Key Thumbprint: {result.properties.encryption_key_thumbprint}")
# Store keys securely (example - in production use Azure Key Vault)
secure_info = {
"vault": vault_name,
"encryption_key": encryption_key,
"integrity_key": integrity_key,
"thumbprint": thumbprint,
"algorithm": result.properties.algorithm
}
return secure_info
except Exception as e:
print(f"Error setting up extended vault info: {e}")
raise
def backup_extended_info_keys(client, resource_group: str, vault_name: str, backup_file: str):
"""
Backup extended vault information to a secure file.
Note: In production, use Azure Key Vault for secure key storage.
"""
try:
# Get current extended info
extended_info = client.vault_extended_info.get(resource_group, vault_name)
if not extended_info.properties:
print("No extended information found for vault")
return
# Prepare backup data (excluding sensitive keys in this example)
backup_data = {
"vault_name": vault_name,
"resource_group": resource_group,
"timestamp": datetime.now().isoformat(),
"algorithm": extended_info.properties.algorithm,
"encryption_key_thumbprint": extended_info.properties.encryption_key_thumbprint,
# Note: In production, encrypt these keys before storing
"has_encryption_key": bool(extended_info.properties.encryption_key),
"has_integrity_key": bool(extended_info.properties.integrity_key)
}
with open(backup_file, 'w') as f:
json.dump(backup_data, f, indent=2)
print(f"✅ Extended info metadata backed up to {backup_file}")
print("⚠️ Note: Actual keys not included for security. Use Azure Key Vault for key backup.")
except Exception as e:
print(f"Error backing up extended info: {e}")
raiseExtended Info Validation
def validate_extended_info(extended_info: VaultExtendedInfoResource) -> bool:
"""
Validate extended vault information for completeness and security.
"""
if not extended_info:
print("❌ Extended info is None")
return False
if not extended_info.properties:
print("❌ Extended info properties are missing")
return False
props = extended_info.properties
validation_results = []
# Check encryption key
if props.encryption_key:
try:
key_bytes = base64.b64decode(props.encryption_key)
if len(key_bytes) >= 32:
validation_results.append("✅ Encryption key is present and adequate length")
else:
validation_results.append("⚠️ Encryption key is shorter than recommended (32 bytes)")
except Exception:
validation_results.append("❌ Encryption key is not valid base64")
else:
validation_results.append("❌ Encryption key is missing")
# Check integrity key
if props.integrity_key:
try:
key_bytes = base64.b64decode(props.integrity_key)
if len(key_bytes) >= 32:
validation_results.append("✅ Integrity key is present and adequate length")
else:
validation_results.append("⚠️ Integrity key is shorter than recommended (32 bytes)")
except Exception:
validation_results.append("❌ Integrity key is not valid base64")
else:
validation_results.append("❌ Integrity key is missing")
# Check thumbprint
if props.encryption_key_thumbprint:
validation_results.append("✅ Encryption key thumbprint is present")
else:
validation_results.append("⚠️ Encryption key thumbprint is missing")
# Check algorithm
if props.algorithm:
if props.algorithm in ["SHA256", "SHA512", "AES256"]:
validation_results.append(f"✅ Algorithm is set to secure option: {props.algorithm}")
elif props.algorithm == "None":
validation_results.append("⚠️ Algorithm is set to 'None' - consider using cryptographic algorithm")
else:
validation_results.append(f"⚠️ Unknown algorithm: {props.algorithm}")
else:
validation_results.append("❌ Algorithm is not specified")
# Print results
print("Extended Info Validation Results:")
for result in validation_results:
print(f" {result}")
# Return overall success
failed_checks = [r for r in validation_results if r.startswith("❌")]
return len(failed_checks) == 0
def rotate_extended_info_keys(client, resource_group: str, vault_name: str):
"""
Rotate encryption and integrity keys for enhanced security.
"""
try:
# Get current extended info
current_info = client.vault_extended_info.get(resource_group, vault_name)
if not current_info.properties:
print("No existing extended info found. Create initial configuration first.")
return
# Generate new keys
new_encryption_key = base64.b64encode(os.urandom(32)).decode('utf-8')
new_integrity_key = base64.b64encode(os.urandom(64)).decode('utf-8')
# Generate new thumbprint
key_bytes = base64.b64decode(new_encryption_key)
digest = hashes.Hash(hashes.SHA256())
digest.update(key_bytes)
new_thumbprint = base64.b64encode(digest.finalize()).decode('utf-8')[:16]
# Update extended info with new keys
updated_info = VaultExtendedInfoResource(
properties={
"integrity_key": new_integrity_key,
"encryption_key": new_encryption_key,
"encryption_key_thumbprint": new_thumbprint,
"algorithm": current_info.properties.algorithm or "SHA256"
}
)
# Apply update
result = client.vault_extended_info.update(
resource_group_name=resource_group,
vault_name=vault_name,
resource_extended_info_details=updated_info
)
print(f"✅ Successfully rotated keys for vault: {vault_name}")
print(f"New encryption key thumbprint: {result.properties.encryption_key_thumbprint}")
print("⚠️ Important: Update any systems using the old keys")
return {
"old_thumbprint": current_info.properties.encryption_key_thumbprint,
"new_thumbprint": result.properties.encryption_key_thumbprint,
"rotation_time": datetime.now().isoformat()
}
except Exception as e:
print(f"Error rotating extended info keys: {e}")
raiseExtended Info Monitoring
def monitor_extended_info_health(client, resource_group: str, vault_name: str):
"""
Monitor the health and configuration of extended vault information.
"""
try:
extended_info = client.vault_extended_info.get(resource_group, vault_name)
print(f"🔍 Extended Info Health Check for Vault: {vault_name}")
print("=" * 60)
if not extended_info:
print("❌ CRITICAL: No extended information configured")
return {"status": "critical", "issues": ["No extended info"]}
if not extended_info.properties:
print("❌ CRITICAL: Extended information properties missing")
return {"status": "critical", "issues": ["Missing properties"]}
props = extended_info.properties
issues = []
warnings = []
# Check encryption key
if not props.encryption_key:
issues.append("Missing encryption key")
# Check integrity key
if not props.integrity_key:
issues.append("Missing integrity key")
# Check thumbprint
if not props.encryption_key_thumbprint:
warnings.append("Missing encryption key thumbprint")
# Check algorithm
if not props.algorithm or props.algorithm == "None":
warnings.append("No cryptographic algorithm specified")
# Report results
if issues:
print("❌ CRITICAL ISSUES:")
for issue in issues:
print(f" - {issue}")
status = "critical"
elif warnings:
print("⚠️ WARNINGS:")
for warning in warnings:
print(f" - {warning}")
status = "warning"
else:
print("✅ All checks passed")
status = "healthy"
# Show configuration summary
print("\n📋 Configuration Summary:")
print(f" Algorithm: {props.algorithm or 'Not set'}")
print(f" Has Encryption Key: {'Yes' if props.encryption_key else 'No'}")
print(f" Has Integrity Key: {'Yes' if props.integrity_key else 'No'}")
print(f" Key Thumbprint: {props.encryption_key_thumbprint or 'Not set'}")
return {
"status": status,
"issues": issues,
"warnings": warnings,
"configuration": {
"algorithm": props.algorithm,
"has_encryption_key": bool(props.encryption_key),
"has_integrity_key": bool(props.integrity_key),
"has_thumbprint": bool(props.encryption_key_thumbprint)
}
}
except Exception as e:
print(f"Error monitoring extended info health: {e}")
return {"status": "error", "error": str(e)}Install with Tessl CLI
npx tessl i tessl/pypi-azure-mgmt-recoveryservices