[](https://opensource.org/licenses/MIT)
[](https://github.com/psf/black)
# vault-recovery
This tool provides utilities for a disaster recovery for the Odoo vault module from
database backups or formerly exported files. The backups need atleast the following
tables for the recovery:
- res_users
- res_users_key
- vault
- vault_entry
- vault_field
- vault_file
- vault_right
## Installation
```bash
$ pip3 install vault-recovery
```
## Security
Do not run the `recover` or `decrypt` mode on the server. This will compromise the
security design of the vault module.
## Usage
The tool supports different operation modes for specific purposes.
`vault info [...]` can be used to retrieve information from a postgres database about
available vaults. It can be used to get UUIDs of users and vaults with some additional
information. The UUIDs are used in other modes.
```bash
$ vault info -d odoo
User: admin [6cf47287-d791-44a0-b073-78659959ca3f]
Fingerprint: 61:a7:70:73:75:06:61:ad:fc:0e:9a:3c:bd:99:a0:17:be:7f:35:5e:31:d0:80:e4:fd:cc:90:ac:be:5b:e8:82
Vaults:
Test Vault [cee24057-4318-46b8-b227-05ec687df64e]
```
`vault export [...]` can be used to export vaults from a database into `exported` files.
These files include everything from the database which is needed to recover the database
including the encrypted master key, private key, and entries.
```bash
$ vault export -d odoo --user 6cf47287-d791-44a0-b073-78659959ca3f > vaults.json
```
`vault recover [...]` can be used to recover the secrets from a vault. It can recover
from a database or from a previously exported `exported` file as the following example
shows. The data is put inside of the output directory as `raw`, `plain`, and
`encrypted` files.
```bash
$ vault recover -d odoo -i vaults.json --password --output ~/vaults
```
`vault encrypt [...]` can be used to protect `raw` files with password or passfiles.
```bash
$ vault encrypt -i raw.json --password > encrypted.json
```
`vault decrypt [...]` can be used to decrypt `encrypted` files.
```bash
$ vault decrypt -i encrypted.json --password -o ~/vaults > raw.json
```
## Files types
The tool outputs various JSON files for different purposes to store the data and to
allow splitting the process into steps. All files are structured as a dictionary
with a `type` key. The following types exists:
- `exported`: contains all information needed to recover vaults. They can be used
to recover the data on more secure environments.
- `plain`: contains the most information of a recovered vault. These files are
unencrypted.
- `raw`: contains unencrypted entries ready to be imported into a running vault
- `encrypted`: contains encrypted entries ready to be imported into a running vault
Raw data
{
"_id": null,
"home_page": "https://github.com/fkantelberg/vault-recovery",
"name": "vault-recovery",
"maintainer": null,
"docs_url": null,
"requires_python": ">=3.10",
"maintainer_email": null,
"keywords": "vault disaster recovery",
"author": "Florian Kantelberg",
"author_email": "florian.kantelberg@mailbox.org",
"download_url": null,
"platform": null,
"description": "[](https://opensource.org/licenses/MIT)\n\n[](https://github.com/psf/black)\n\n# vault-recovery\n\nThis tool provides utilities for a disaster recovery for the Odoo vault module from\ndatabase backups or formerly exported files. The backups need atleast the following\ntables for the recovery:\n\n- res_users\n- res_users_key\n- vault\n- vault_entry\n- vault_field\n- vault_file\n- vault_right\n\n## Installation\n\n```bash\n$ pip3 install vault-recovery\n```\n\n## Security\n\nDo not run the `recover` or `decrypt` mode on the server. This will compromise the\nsecurity design of the vault module.\n\n## Usage\n\nThe tool supports different operation modes for specific purposes.\n\n`vault info [...]` can be used to retrieve information from a postgres database about\navailable vaults. It can be used to get UUIDs of users and vaults with some additional\ninformation. The UUIDs are used in other modes.\n\n```bash\n$ vault info -d odoo\nUser: admin [6cf47287-d791-44a0-b073-78659959ca3f]\n Fingerprint: 61:a7:70:73:75:06:61:ad:fc:0e:9a:3c:bd:99:a0:17:be:7f:35:5e:31:d0:80:e4:fd:cc:90:ac:be:5b:e8:82\n Vaults:\n Test Vault [cee24057-4318-46b8-b227-05ec687df64e]\n```\n\n`vault export [...]` can be used to export vaults from a database into `exported` files.\nThese files include everything from the database which is needed to recover the database\nincluding the encrypted master key, private key, and entries.\n\n```bash\n$ vault export -d odoo --user 6cf47287-d791-44a0-b073-78659959ca3f > vaults.json\n```\n\n`vault recover [...]` can be used to recover the secrets from a vault. It can recover\nfrom a database or from a previously exported `exported` file as the following example\nshows. The data is put inside of the output directory as `raw`, `plain`, and\n`encrypted` files.\n\n```bash\n$ vault recover -d odoo -i vaults.json --password --output ~/vaults\n```\n\n`vault encrypt [...]` can be used to protect `raw` files with password or passfiles.\n\n```bash\n$ vault encrypt -i raw.json --password > encrypted.json\n```\n\n`vault decrypt [...]` can be used to decrypt `encrypted` files.\n\n```bash\n$ vault decrypt -i encrypted.json --password -o ~/vaults > raw.json\n```\n\n## Files types\n\nThe tool outputs various JSON files for different purposes to store the data and to\nallow splitting the process into steps. All files are structured as a dictionary\nwith a `type` key. The following types exists:\n\n- `exported`: contains all information needed to recover vaults. They can be used\nto recover the data on more secure environments.\n\n- `plain`: contains the most information of a recovered vault. These files are\nunencrypted.\n\n- `raw`: contains unencrypted entries ready to be imported into a running vault\n\n- `encrypted`: contains encrypted entries ready to be imported into a running vault\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Tool for a disaster recovery of Odoo's vault module",
"version": "0.3",
"project_urls": {
"Homepage": "https://github.com/fkantelberg/vault-recovery"
},
"split_keywords": [
"vault",
"disaster",
"recovery"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "dbe9b9ca7aba007708f7f192410810aad9c77f54bb1d8ec2c6a75319d975a49e",
"md5": "26c1596905c68746e0f204694d716b49",
"sha256": "421b97af47c095ba5f4eaa8f23216030c8543c06ff1d0f3bcf1a5c345e072fe0"
},
"downloads": -1,
"filename": "vault_recovery-0.3-py3-none-any.whl",
"has_sig": false,
"md5_digest": "26c1596905c68746e0f204694d716b49",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.10",
"size": 13677,
"upload_time": "2024-03-28T21:31:31",
"upload_time_iso_8601": "2024-03-28T21:31:31.598872Z",
"url": "https://files.pythonhosted.org/packages/db/e9/b9ca7aba007708f7f192410810aad9c77f54bb1d8ec2c6a75319d975a49e/vault_recovery-0.3-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2024-03-28 21:31:31",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "fkantelberg",
"github_project": "vault-recovery",
"travis_ci": false,
"coveralls": false,
"github_actions": false,
"lcname": "vault-recovery"
}
JSON
