# Azure Key Vault Secret Manager

> A modern, user-friendly GUI application for managing Azure App Registration secrets and Key Vault integration.

![Python](https://img.shields.io/badge/python-3.8+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![Platform](https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-lightgrey.svg)

## ✨ Features

- 🔐 **Single Sign-On**: Interactive browser authentication - log in once for both Microsoft Graph and Azure
- 🎯 **Auto-Detection**: Automatically detects your Azure tenant ID from logged-in account
- 📋 **Subscription Selection**: Choose your subscription from a dropdown (no more config files!)
- 🔍 **Smart Dropdowns**: Searchable, scrollable lists with keyboard navigation (Arrow keys, Page Up/Down, Home/End)
- 💡 **Tooltips**: Hover over items to see full names if truncated
- 🔑 **Secret Management**: Generate 50-year secrets with custom descriptions
- 🗑️ **Cleanup**: Optionally remove old secrets when creating new ones
- 💾 **Key Vault Integration**: Automatic storage with metadata tags
- 📋 **Copy to Clipboard**: One-click secret copying
- 🎨 **Modern UI**: Clean interface built with CustomTkinter (supports dark/light themes)
- ⚡ **Smooth Performance**: Optimized scrolling and no nested scroll lag

## 📸 Screenshots

```
[App Selection] [Secret Generation] [Result View]
```

## 🔧 Prerequisites

- **Python 3.8+** (Python 3.11 recommended)
- **Azure Permissions**:
  - Application.ReadWrite.All (Microsoft Graph API)
  - Directory.Read.All (Microsoft Graph API)
  - Key Vault Secrets Officer role on target Key Vaults
  - Reader role on subscription/resource groups

**Note**: No need to create an App Registration! The app uses the Azure CLI public client ID for authentication.

## 🎨 Customization

### Adding a Custom Icon

To replace the default Python icon with your own:

1. Create an icon file (`.ico` for Windows or `.png` for cross-platform)
2. Place it in one of these locations:
   - `python-app/icon.ico` or `python-app/icon.png`
   - `python-app/assets/icon.ico` or `python-app/assets/icon.png`
3. The application will automatically detect and use it on next launch

**Recommended icon size**: 256x256 pixels

## 📦 Installation

### 1. Clone the Repository

```bash
git clone https://github.com/yourusername/azure-keyvault-manager.git
cd azure-keyvault-manager/python-app
```

### 2. Create Virtual Environment

**Windows:**

```bash
python -m venv venv
venv\Scripts\activate
```

**Linux/macOS:**

```bash
python3 -m venv venv
source venv/bin/activate
```

### 3. Install Dependencies

```bash
pip install -r requirements.txt
```

### 4. Run the Application

```bash
python main.py
```

**That's it!** No configuration files to edit - the app auto-detects everything.

## 🚀 Usage

### Quick Start Guide

1. **Connect to Azure**
   - Click **"Connect to Azure"**
   - Browser opens automatically
   - Sign in with your Azure account (admin credentials)
   - ✅ Authentication completes (single login!)

2. **Select Subscription**
   - Choose your Azure subscription from the dropdown
   - Apps and Key Vaults load automatically

3. **Select App Registration**
   - Click the App Registration dropdown
   - Scroll through the list or use keyboard navigation:
     - `↑` `↓` Arrow keys to navigate
     - `Page Up` `Page Down` to jump
     - `Home` `End` for first/last
     - `Enter` to select
     - `Esc` to close
   - Hover for tooltips on long names

4. **Generate Secret**
   - Enter a description (e.g., "Production API Key 2025")
   - Select a Key Vault
   - *(Optional)* Check "Remove old secrets"
   - Click **"Generate Secret"**

5. **Copy & Save**
   - Secret is displayed once
   - Click **"Copy to Clipboard"**
   - Secret is automatically stored in Key Vault with metadata
   - Click **"Generate Another Secret"** to continue

### Keyboard Shortcuts

| Key | Action |
|-----|--------|
| `↓` `↑` | Navigate dropdown items |
| `Page Down` `Page Up` | Jump 5 items |
| `Home` `End` | First/Last item |
| `Enter` | Select item |
| `Escape` | Close dropdown |
| `Mouse Wheel` | Scroll in dropdown |

## 📁 Project Structure

```
python-app/
├── main.py                          # Application entry point
├── config.py                        # App settings (no secrets!)
├── requirements.txt                 # Python dependencies
├── auth/
│   ├── graph_authenticator.py       # Microsoft Graph authentication
│   └── azure_authenticator.py       # Azure Resource Manager authentication
├── services/
│   ├── app_registration_service.py  # App registration operations
│   ├── secret_service.py            # Secret generation/management
│   └── keyvault_service.py          # Key Vault operations
├── ui/
│   ├── components/
│   │   ├── unified_dropdown.py      # Custom dropdown component
│   │   └── tooltip.py               # Tooltip utility
│   ├── main_window.py               # Main application window
│   ├── login_frame.py               # Authentication UI
│   ├── subscription_selection_frame.py
│   ├── app_selection_frame.py       # App selection UI
│   ├── secret_generation_frame.py   # Secret generation form
│   └── result_frame.py              # Result display
└── utils/
    ├── sanitizer.py                 # Name sanitization
    └── logger.py                    # Logging setup
```

## 🐛 Troubleshooting

### Authentication Issues

**Problem**: "Authentication failed"
- **Solution**: Ensure you have the required permissions in Azure AD
- Clear cached credentials: delete the `.azure` folder in your home directory
- Verify your account has access to the Azure subscription

**Problem**: Double login prompts
- **Solution**: This has been fixed in the latest version - you should only log in once

### Permission Errors

**Problem**: "Failed to list applications"
- **Solution**: Request `Application.ReadWrite.All` and `Directory.Read.All` permissions from your Azure AD admin


**Problem**: "Failed to store secret in Key Vault"
- **Solution**: Ensure you have the **Key Vault Secrets Officer** role on the target vault
- Check that the Key Vault network settings allow your IP address

### UI Issues

**Problem**: Dropdown list won't scroll
- **Solution**: Updated in the latest version - mouse wheel now scrolls the dropdown properly

**Problem**: Can't see all applications
- **Solution**: Use keyboard navigation (arrow keys) or mouse wheel to scroll through large lists

### General Issues

**Problem**: No subscriptions found
- **Solution**: Verify your account has at least Reader access to one Azure subscription

**Problem**: No Key Vaults appear
- **Solution**: Create a Key Vault in your subscription or request access to existing ones

## 📝 Logs

Application logs are stored in: `logs/app_YYYYMMDD.log`

Log levels:
- **INFO**: Normal operations
- **ERROR**: Failed operations with stack traces

## 🔒 Security Best Practices

- ✅ Secrets are **only displayed once** in the UI
- ✅ Secrets are **never logged** to files
- ✅ Authentication uses Azure Identity library (secure token caching)
- ✅ Uses Azure CLI public client ID (no app registration needed)
- ⚠️ **Always copy secrets immediately** - they cannot be retrieved later
- ⚠️ Store secrets in a secure password manager after generation

## 🏗️ Building Executable (Optional)

Create a standalone executable:

```bash
pip install pyinstaller
pyinstaller --onefile --windowed --name AzureKeyVaultManager main.py
```

Output: `dist/AzureKeyVaultManager.exe` (Windows) or `dist/AzureKeyVaultManager` (Linux/macOS)

**Note**: Executable size will be ~50-100MB due to bundled dependencies.

## 🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request

## 📄 License

This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.

## 🙏 Acknowledgments

- Built with [CustomTkinter](https://github.com/TomSchimansky/CustomTkinter) by Tom Schimansky
- Uses [Azure SDK for Python](https://github.com/Azure/azure-sdk-for-python)
- Uses [Microsoft Graph SDK for Python](https://github.com/microsoftgraph/msgraph-sdk-python)

## 📮 Support

For issues, questions, or suggestions:
- 🐛 [Open an issue](https://github.com/yourusername/azure-keyvault-manager/issues)
- 💬 [Start a discussion](https://github.com/yourusername/azure-keyvault-manager/discussions)

---

**Made with ❤️ for Azure administrators**
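
The **Secret Management** and **Cleanup** features described above create 50-year client secrets and optionally remove old ones, so it helps to be able to inventory what is left on each App Registration. The script below is an added example, not part of this project's code: it audits `passwordCredentials` entries shaped like Microsoft Graph `application` objects and reports expired and long-lived secrets. The sample data, the `MAX_LIFETIME` threshold and the function names are assumptions made for illustration.

```python
"""Added example: audit App Registration client-secret lifetimes offline."""
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=730)  # assumption: a 2-year policy ceiling
SAMPLE_NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)  # fixed "now" for the sample

# Constructed sample shaped like Graph `application` objects (not real tenant data).
SAMPLE_APPS = [
    {"displayName": "billing-api", "passwordCredentials": [
        {"keyId": "00000000-0000-0000-0000-000000000001",
         "displayName": "Production API Key 2025",
         "startDateTime": "2025-01-10T00:00:00Z", "endDateTime": "2075-01-10T00:00:00Z"},
        {"keyId": "00000000-0000-0000-0000-000000000002",
         "displayName": "previous key",
         "startDateTime": "2023-03-01T00:00:00Z", "endDateTime": "2024-03-01T00:00:00Z"},
    ]},
    {"displayName": "report-job", "passwordCredentials": [
        {"keyId": "00000000-0000-0000-0000-000000000003",
         "displayName": "nightly export",
         "startDateTime": "2025-02-01T00:00:00Z", "endDateTime": "2026-02-01T00:00:00Z"},
    ]},
]

def _ts(value):
    # ISO 8601 UTC timestamp with whole seconds, as in the sample above.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def audit(apps, now):
    """Return one finding per secret that is expired or exceeds MAX_LIFETIME."""
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials", []):
            start, end = _ts(cred["startDateTime"]), _ts(cred["endDateTime"])
            if end <= now:
                status = "expired"      # still attached to the app: cleanup candidate
            elif end - start > MAX_LIFETIME:
                status = "long-lived"   # valid longer than the policy ceiling
            else:
                continue
            findings.append({"app": app["displayName"], "keyId": cred["keyId"],
                             "status": status,
                             "years": round((end - start).days / 365.25, 1)})
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_APPS, SAMPLE_NOW):
        print(f"{f['app']}: {f['keyId']} {f['status']} ({f['years']} years)")
```
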