vault_audit_tools/commands/
kv_analysis.rs

1//! Unified KV secrets analysis command.
2//!
3//! Consolidates KV usage analysis, comparison, and summarization into a single
4//! powerful command with consistent interface and shared logic.
5//!
6//! # Usage
7//!
8//! ```bash
9//! # Analyze KV usage from audit logs
10//! vault-audit kv-analysis analyze logs/*.log --output kv_usage.csv
11//! vault-audit kv-analysis analyze logs/*.log --kv-prefix appcodes/ --output appcodes.csv
12//!
13//! # Compare KV usage between time periods
14//! vault-audit kv-analysis compare old_usage.csv new_usage.csv
15//!
16//! # Summarize KV usage from CSV
17//! vault-audit kv-analysis summary kv_usage.csv
18//! ```
19//!
20//! # Subcommands
21//!
22//! ## analyze
23//! Comprehensive KV usage analysis from audit logs. Processes single or multiple
24//! log files (plain or compressed) to generate detailed usage statistics per path
25//! and entity. Supports filtering by KV mount prefix.
26//!
27//! ## compare
28//! Compare KV usage patterns between two time periods. Identifies changes in
29//! access patterns, new secrets, abandoned secrets, and usage trends.
30//!
31//! ## summary
32//! Quick overview of KV usage from CSV exports. Shows aggregated statistics,
33//! top accessed secrets, and breakdown by mount point.
34
35use anyhow::Result;
36
37/// Run analyze subcommand
38pub fn run_analyze(
39    log_files: &[String],
40    kv_prefix: &str,
41    output: Option<&String>,
42    entity_csv: Option<&String>,
43) -> Result<()> {
44    // Delegate to existing kv_analyzer implementation
45    crate::commands::kv_analyzer::run(
46        log_files,
47        kv_prefix,
48        output.map(std::string::String::as_str),
49        entity_csv.map(std::string::String::as_str),
50    )
51}
52
53/// Run compare subcommand
54pub fn run_compare(csv1: &str, csv2: &str) -> Result<()> {
55    // Delegate to existing kv_compare implementation
56    crate::commands::kv_compare::run(csv1, csv2)
57}
58
59/// Run summary subcommand
60pub fn run_summary(csv_file: &str) -> Result<()> {
61    // Delegate to existing kv_summary implementation
62    crate::commands::kv_summary::run(csv_file)
63}