First commit
@@ -0,0 +1,263 @@
|
||||
# Azure Key Vault Secret Manager
|
||||
|
||||
> A modern, user-friendly GUI application for managing Azure App Registration secrets and Key Vault integration.
|
||||
|
||||

|
||||

|
||||

|
||||
|
||||
## ✨ Features
|
||||
|
||||
- 🔐 **Single Sign-On**: Interactive browser authentication - login once for both Microsoft Graph and Azure
|
||||
- 🎯 **Auto-Detection**: Automatically detects your Azure tenant ID from logged-in account
|
||||
- 📋 **Subscription Selection**: Choose your subscription from a dropdown (no more config files!)
|
||||
- 🔍 **Smart Dropdowns**: Searchable, scrollable lists with keyboard navigation (Arrow keys, Page Up/Down, Home/End)
|
||||
- 💡 **Tooltips**: Hover over items to see full names if truncated
|
||||
- 🔑 **Secret Management**: Generate 50-year secrets with custom descriptions
|
||||
- 🗑️ **Cleanup**: Optionally remove old secrets when creating new ones
|
||||
- 💾 **Key Vault Integration**: Automatic storage with metadata tags
|
||||
- 📋 **Copy to Clipboard**: One-click secret copying
|
||||
- 🎨 **Modern UI**: Clean interface built with CustomTkinter (supports dark/light themes)
|
||||
- ⚡ **Smooth Performance**: Optimized scrolling and no nested scroll lag
|
||||
|
||||
## 📸 Screenshots
|
||||
|
||||
<!-- Add your screenshots here -->
|
||||
```
|
||||
[App Selection] [Secret Generation] [Result View]
|
||||
```
|
||||
|
||||
## 🔧 Prerequisites
|
||||
|
||||
- **Python 3.8+** (Python 3.11 recommended)
|
||||
- **Azure Permissions**:
|
||||
- Application.ReadWrite.All (Microsoft Graph API)
|
||||
- Directory.Read.All (Microsoft Graph API)
|
||||
- Key Vault Secrets Officer role on target Key Vaults
|
||||
- Reader role on subscription/resource groups
|
||||
|
||||
**Note**: No need to create an App Registration! The app uses the Azure CLI public client ID for authentication.
|
||||
|
||||
## 🎨 Customization
|
||||
|
||||
### Adding a Custom Icon
|
||||
|
||||
To replace the default Python icon with your own:
|
||||
|
||||
1. Create an icon file (`.ico` for Windows or `.png` for cross-platform)
|
||||
2. Place it in one of these locations:
|
||||
- `python-app/icon.ico` or `python-app/icon.png`
|
||||
- `python-app/assets/icon.ico` or `python-app/assets/icon.png`
|
||||
3. The application will automatically detect and use it on next launch
|
||||
|
||||
**Recommended icon size**: 256x256 pixels
|
||||
|
||||
## 📦 Installation
|
||||
|
||||
### 1. Clone the Repository
|
||||
|
||||
```bash
|
||||
git clone https://github.com/yourusername/azure-keyvault-manager.git
|
||||
cd azure-keyvault-manager/python-app
|
||||
```
|
||||
|
||||
### 2. Create Virtual Environment
|
||||
|
||||
**Windows:**
|
||||
```bash
|
||||
python -m venv venv
|
||||
venv\Scripts\activate
|
||||
```
|
||||
|
||||
**Linux/macOS:**
|
||||
```bash
|
||||
python3 -m venv venv
|
||||
source venv/bin/activate
|
||||
```
|
||||
|
||||
### 3. Install Dependencies
|
||||
|
||||
```bash
|
||||
pip install -r requirements.txt
|
||||
```
|
||||
|
||||
### 4. Run the Application
|
||||
|
||||
```bash
|
||||
python main.py
|
||||
```
|
||||
|
||||
**That's it!** No configuration files to edit - the app auto-detects everything.
|
||||
|
||||
## 🚀 Usage
|
||||
|
||||
### Quick Start Guide
|
||||
|
||||
1. **Connect to Azure**
|
||||
- Click **"Connect to Azure"**
|
||||
- Browser opens automatically
|
||||
- Sign in with your Azure account (admin credentials)
|
||||
- ✅ Authentication completes (single login!)
|
||||
|
||||
2. **Select Subscription**
|
||||
- Choose your Azure subscription from the dropdown
|
||||
- Apps and Key Vaults load automatically
|
||||
|
||||
3. **Select App Registration**
|
||||
- Click the App Registration dropdown
|
||||
- Scroll through the list or use keyboard navigation:
|
||||
- `↑` `↓` Arrow keys to navigate
|
||||
- `Page Up` `Page Down` to jump
|
||||
- `Home` `End` for first/last
|
||||
- `Enter` to select
|
||||
- `Esc` to close
|
||||
- Hover for tooltips on long names
|
||||
|
||||
4. **Generate Secret**
|
||||
- Enter a description (e.g., "Production API Key 2025")
|
||||
- Select a Key Vault
|
||||
- *(Optional)* Check "Remove old secrets"
|
||||
- Click **"Generate Secret"**
|
||||
|
||||
5. **Copy & Save**
|
||||
- Secret is displayed once
|
||||
- Click **"Copy to Clipboard"**
|
||||
- Secret is automatically stored in Key Vault with metadata
|
||||
- Click **"Generate Another Secret"** to continue
|
||||
|
||||
### Keyboard Shortcuts
|
||||
|
||||
| Key | Action |
|
||||
|-----|--------|
|
||||
| `↓` `↑` | Navigate dropdown items |
|
||||
| `Page Down` `Page Up` | Jump 5 items |
|
||||
| `Home` `End` | First/Last item |
|
||||
| `Enter` | Select item |
|
||||
| `Escape` | Close dropdown |
|
||||
| `Mouse Wheel` | Scroll in dropdown |
|
||||
|
||||
## 📁 Project Structure
|
||||
|
||||
```
|
||||
python-app/
|
||||
├── main.py # Application entry point
|
||||
├── config.py # App settings (no secrets!)
|
||||
├── requirements.txt # Python dependencies
|
||||
├── auth/
|
||||
│ ├── graph_authenticator.py # Microsoft Graph authentication
|
||||
│ └── azure_authenticator.py # Azure Resource Manager authentication
|
||||
├── services/
|
||||
│ ├── app_registration_service.py # App registration operations
|
||||
│ ├── secret_service.py # Secret generation/management
|
||||
│ └── keyvault_service.py # Key Vault operations
|
||||
├── ui/
|
||||
│ ├── components/
|
||||
│ │ ├── unified_dropdown.py # Custom dropdown component
|
||||
│ │ └── tooltip.py # Tooltip utility
|
||||
│ ├── main_window.py # Main application window
|
||||
│ ├── login_frame.py # Authentication UI
|
||||
│ ├── subscription_selection_frame.py
|
||||
│ ├── app_selection_frame.py # App selection UI
|
||||
│ ├── secret_generation_frame.py # Secret generation form
|
||||
│ └── result_frame.py # Result display
|
||||
└── utils/
|
||||
├── sanitizer.py # Name sanitization
|
||||
└── logger.py # Logging setup
|
||||
```
|
||||
|
||||
## 🐛 Troubleshooting
|
||||
|
||||
### Authentication Issues
|
||||
|
||||
**Problem**: "Authentication failed"
|
||||
- **Solution**: Ensure you have the required permissions in Azure AD
|
||||
- Clear cached credentials: Delete `.azure` folder in your home directory
|
||||
- Verify your account has access to the Azure subscription
|
||||
|
||||
**Problem**: Double login prompts
|
||||
- **Solution**: This has been fixed in the latest version - you should only login once
|
||||
|
||||
### Permission Errors
|
||||
|
||||
**Problem**: "Failed to list applications"
|
||||
- **Solution**: Request `Application.ReadWrite.All` and `Directory.Read.All` permissions from your Azure AD admin
|
||||
|
||||
**Problem**: "Failed to store secret in Key Vault"
|
||||
- **Solution**: Ensure you have **Key Vault Secrets Officer** role on the target vault
|
||||
- Check Key Vault network settings allow your IP address
|
||||
|
||||
### UI Issues
|
||||
|
||||
**Problem**: Dropdown list won't scroll
|
||||
- **Solution**: Updated in latest version - mouse wheel now scrolls the dropdown properly
|
||||
|
||||
**Problem**: Can't see all applications
|
||||
- **Solution**: Use keyboard navigation (arrow keys) or mouse wheel to scroll through large lists
|
||||
|
||||
### General Issues
|
||||
|
||||
**Problem**: No subscriptions found
|
||||
- **Solution**: Verify your account has at least Reader access to one Azure subscription
|
||||
|
||||
**Problem**: No Key Vaults appear
|
||||
- **Solution**: Create a Key Vault in your subscription or request access to existing ones
|
||||
|
||||
## 📝 Logs
|
||||
|
||||
Application logs are stored in: `logs/app_YYYYMMDD.log`
|
||||
|
||||
Log levels:
|
||||
- **INFO**: Normal operations
|
||||
- **ERROR**: Failed operations with stack traces
|
||||
|
||||
## 🔒 Security Best Practices
|
||||
|
||||
- ✅ Secrets are **only displayed once** in the UI
|
||||
- ✅ Secrets are **never logged** to files
|
||||
- ✅ Authentication uses Azure Identity library (secure token caching)
|
||||
- ✅ Uses Azure CLI public client ID (no app registration needed)
|
||||
- ⚠️ **Always copy secrets immediately** - they cannot be retrieved later
|
||||
- ⚠️ Store secrets in a secure password manager after generation
|
||||
|
||||
## 🏗️ Building Executable (Optional)
|
||||
|
||||
Create a standalone executable:
|
||||
|
||||
```bash
|
||||
pip install pyinstaller
|
||||
pyinstaller --onefile --windowed --name AzureKeyVaultManager main.py
|
||||
```
|
||||
|
||||
Output: `dist/AzureKeyVaultManager.exe` (Windows) or `dist/AzureKeyVaultManager` (Linux/macOS)
|
||||
|
||||
**Note**: Executable size will be ~50-100MB due to bundled dependencies.
|
||||
|
||||
## 🤝 Contributing
|
||||
|
||||
Contributions are welcome! Please feel free to submit a Pull Request.
|
||||
|
||||
1. Fork the repository
|
||||
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
|
||||
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
|
||||
4. Push to the branch (`git push origin feature/AmazingFeature`)
|
||||
5. Open a Pull Request
|
||||
|
||||
## 📄 License
|
||||
|
||||
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
|
||||
|
||||
## 🙏 Acknowledgments
|
||||
|
||||
- Built with [CustomTkinter](https://github.com/TomSchimansky/CustomTkinter) by Tom Schimansky
|
||||
- Uses [Azure SDK for Python](https://github.com/Azure/azure-sdk-for-python)
|
||||
- Uses [Microsoft Graph SDK for Python](https://github.com/microsoftgraph/msgraph-sdk-python)
|
||||
|
||||
## 📮 Support
|
||||
|
||||
For issues, questions, or suggestions:
|
||||
- 🐛 [Open an issue](https://github.com/yourusername/azure-keyvault-manager/issues)
|
||||
- 💬 [Start a discussion](https://github.com/yourusername/azure-keyvault-manager/discussions)
|
||||
|
||||
---
|
||||
|
||||
**Made with ❤️ for Azure administrators**
|
||||
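Review bot: The Security Best Practices section says secrets "cannot be retrieved later" and tells users to copy them into a password manager, but the Features list and Quick Start step 5 say every secret is automatically stored in Key Vault with metadata, so the value stays retrievable from the vault. The README should state which store is authoritative and drop the extra copy if it is Key Vault. In the Features list, "Generate 50-year secrets" is presented as a benefit with no mention of a configurable lifetime or a rotation procedure; document how to choose a shorter expiry, or say explicitly that the lifetime is fixed. The Prerequisites ask for `Application.ReadWrite.All` without saying why a tenant-wide write scope is needed for rotating one app's secret; a sentence on that would help whoever has to approve the consent. The clone URL and the Support links still carry the `yourusername` placeholder.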