2026-01-29 09:57:44 +01:00

Azure App Registration Manager

A cross-platform Rust GUI application for managing Azure App Registrations and Key Vault secrets.

Features

  • Interactive Azure Authentication: Browser-based OAuth 2.0 login flow (device code flow on macOS, see Platform-Specific Notes)
  • App Registration Management: View and manage your Azure App Registrations
  • Client Secret Creation: Generate new client secrets with an expiration date set explicitly at creation time
  • Key Vault Integration: Securely store secrets in Azure Key Vault
  • Cross-Platform: Works on Windows, Linux, and macOS
  • Secure Token Storage: Uses OS-level secure storage (Credential Manager/Keychain/Secret Service)
  • Zero Configuration: No app registration or credential files needed

Prerequisites

  • Rust 1.70+ (install from rustup.rs)
  • An Azure AD account that can read the app registrations you want to manage and add credentials to them (an owner of the app, or a directory role such as Application Administrator), at least Reader on the subscription so Key Vaults can be listed, and data-plane rights on the target vault (an RBAC role such as Key Vault Secrets Officer, or an access policy that grants secret set permission)

Quick Start

Installation and Run

git clone <your-repo-url>
cd azure-app-manager
cargo run --release

That's it! No configuration needed. Click "Sign In with Azure" and authenticate.

How It Works

This application signs in as Microsoft's own Azure CLI public client, a first-party application that is already consented in every Azure AD tenant for delegated access to Microsoft Graph and the Azure Resource Manager API. Tokens are issued to your own Azure AD account, so the application can do exactly what you can do and nothing more; nothing is registered in your tenant and no configuration or credential files are written. Two consequences are worth knowing: sign-ins show up in your tenant's sign-in logs under the Azure CLI application name, and a conditional access policy that blocks or restricts Azure CLI blocks this application as well.

Usage

Run the Application

cargo run --release

Or run the compiled binary:

./target/release/azure-app-manager

Workflow

  1. Sign In: Click "Sign In with Azure" and complete authentication in your browser
  2. Select App: Browse your app registrations and select one
  3. Create Secret: Click "Create Secret" and enter a description
  4. Save to Vault: Select a Key Vault and enter a name for the secret
  5. Done: The secret is securely stored in your Key Vault

Architecture

Technology Stack

  • GUI Framework: egui/eframe (immediate-mode, cross-platform)
  • Azure SDKs:
    • graph-rs-sdk: Microsoft Graph API integration
    • azure_security_keyvault_secrets: Key Vault operations
    • azure_mgmt_keyvault: Key Vault discovery
  • Async Runtime: Tokio
  • Async-GUI Bridge: poll-promise
  • Secure Storage: keyring (OS-level credential storage)

Project Structure

src/
├── main.rs              # Application entry point
├── app.rs               # Main app logic (eframe::App implementation)
├── error.rs             # Error types
├── auth/                # Authentication
│   ├── azure_auth.rs    # OAuth flow
│   └── token_cache.rs   # Secure token storage
├── azure/               # Azure API clients
│   ├── graph_client.rs  # Microsoft Graph API
│   ├── keyvault_client.rs # Key Vault operations
│   ├── vault_discovery.rs # Key Vault listing
│   └── models.rs        # Data models
├── state/               # Application state
│   ├── app_state.rs     # Central state management
│   └── async_operations.rs # Async operation tracking
└── ui/                  # UI views
    ├── auth_view.rs     # Login screen
    ├── app_list_view.rs # App registration list
    ├── secret_create_view.rs # Secret creation form
    ├── keyvault_select_view.rs # Key Vault selection
    └── components.rs    # Reusable UI components

Security Features

Token Security

  • Access tokens, and the refresh token that makes silent renewal possible, stored in OS-level secure storage:
    • Windows: Credential Manager
    • macOS: Keychain
    • Linux: Secret Service (gnome-keyring/kwallet)
  • Automatic token refresh before expiration
  • Secure memory clearing with zeroize
  • Caveat: the stored refresh token is a long-lived credential for your own account. Any process running under your OS user that can read that store entry can act as you against Graph and Azure Resource Manager until the token expires or is revoked, so the trust boundary is your desktop session, not this application

Secret Handling

  • Secrets wrapped in SensitiveString with automatic memory zeroing
  • No disk persistence of secrets
  • Custom Debug implementation prevents accidental logging
  • Immediate prompt to save to Key Vault
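The Secret Handling points above and the Create Secret / Save to Vault steps of the Workflow, as an added example that is not the project's own code: a std-only SensitiveString with a redacting Debug and zero-on-drop (standing in for the zeroize crate the project uses), the Microsoft Graph addPassword body with an explicit endDateTime, and the Key Vault set-secret body whose attributes.exp mirrors that date so the vault copy expires together with the credential. The function names, the appObjectId tag and the fixed timestamps are assumptions made for this example; the Graph and Key Vault request shapes are the documented REST ones.

```rust
use std::fmt;

/// Owns a secret and overwrites it with zeros when dropped. Std-only stand-in for the
/// zeroize crate: volatile writes that the optimizer is not allowed to elide.
pub struct SensitiveString(String);

impl SensitiveString {
    pub fn new(s: String) -> Self { SensitiveString(s) }
    /// The only way to read the raw value, so every use of it is easy to audit.
    pub fn expose(&self) -> &str { &self.0 }
}

impl fmt::Debug for SensitiveString {
    /// `{:?}` in a log line prints a marker, never the secret.
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.write_str("SensitiveString([REDACTED])")
    }
}

impl Drop for SensitiveString {
    fn drop(&mut self) {
        // SAFETY: we own the buffer and only write zero bytes, which keeps it valid UTF-8.
        for b in unsafe { self.0.as_mut_vec() }.iter_mut() {
            unsafe { std::ptr::write_volatile(b, 0) };
        }
    }
}

/// Days since 1970-01-01 to (year, month, day): Howard Hinnant's civil_from_days.
fn civil_from_days(days: i64) -> (i64, u32, u32) {
    let z = days + 719_468;
    let era = (if z >= 0 { z } else { z - 146_096 }) / 146_097;
    let doe = z - era * 146_097;
    let yoe = (doe - doe / 1_460 + doe / 36_524 - doe / 146_096) / 365;
    let doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    let mp = (5 * doy + 2) / 153;
    let d = (doy - (153 * mp + 2) / 5 + 1) as u32;
    let m = (if mp < 10 { mp + 3 } else { mp - 9 }) as u32;
    (yoe + era * 400 + if m <= 2 { 1 } else { 0 }, m, d)
}

/// Unix seconds to the ISO 8601 UTC timestamp Graph expects in endDateTime.
pub fn iso8601_utc(unix: i64) -> String {
    let (y, m, d) = civil_from_days(unix.div_euclid(86_400));
    let s = unix.rem_euclid(86_400);
    format!("{:04}-{:02}-{:02}T{:02}:{:02}:{:02}Z", y, m, d, s / 3_600, s % 3_600 / 60, s % 60)
}

fn json_escape(s: &str) -> String {
    s.replace('\\', "\\\\").replace('"', "\\\"")
}

/// Body for POST https://graph.microsoft.com/v1.0/applications/{object-id}/addPassword.
/// endDateTime is always set explicitly: the lifetime is a decision, not a server default.
pub fn graph_add_password_body(display_name: &str, now_unix: i64, lifetime_days: i64) -> String {
    let end = now_unix + lifetime_days * 86_400;
    format!(r#"{{"passwordCredential":{{"displayName":"{}","endDateTime":"{}"}}}}"#,
            json_escape(display_name), iso8601_utc(end))
}

/// Key Vault secret names must match ^[0-9a-zA-Z-]+$ and be 1 to 127 characters long.
pub fn validate_vault_secret_name(name: &str) -> Result<(), String> {
    if name.is_empty() || name.len() > 127 {
        return Err("secret name must be 1 to 127 characters".to_string());
    }
    if !name.chars().all(|c| c.is_ascii_alphanumeric() || c == '-') {
        return Err("secret name may contain only ASCII letters, digits and '-'".to_string());
    }
    Ok(())
}

/// Body for PUT https://{vault}.vault.azure.net/secrets/{name}?api-version=7.4.
/// attributes.exp mirrors the credential's end date so the vault copy does not outlive it;
/// the appObjectId tag is this example's own convention for tracing the secret to its app.
pub fn keyvault_set_secret_body(secret: &SensitiveString, expires_unix: i64, app_object_id: &str) -> String {
    format!(r#"{{"value":"{}","attributes":{{"exp":{}}},"tags":{{"appObjectId":"{}"}}}}"#,
            json_escape(secret.expose()), expires_unix, json_escape(app_object_id))
}

fn main() {
    // Constructed inputs: a fixed "now" (2023-11-14T22:13:20Z) and a placeholder object id.
    let (now, lifetime_days) = (1_700_000_000_i64, 90_i64);
    let app_object_id = "00000000-0000-0000-0000-000000000000";
    println!("{}", graph_add_password_body("ci deploy", now, lifetime_days));
    let secret = SensitiveString::new("value-returned-by-graph".to_string());
    println!("{:?}", secret); // SensitiveString([REDACTED])
    validate_vault_secret_name("ci-deploy-client-secret").expect("valid name");
    println!("{}", keyvault_set_secret_body(&secret, now + lifetime_days * 86_400, app_object_id));
}
```

The secret value reaches exactly one place, the Key Vault request body, and only through expose(); Graph returns it once in the addPassword response, so the SensitiveString is the only copy the application holds until it is dropped and zeroed.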

Platform-Specific Notes

macOS

Due to limitations in the graph-rs-sdk, the macOS build uses the OAuth 2.0 device code flow instead of the interactive browser flow. Only ever enter a code that this application displayed to you: a code that arrives by e-mail, chat or phone is the signature of device code phishing, where the tokens end up in the sender's session.

  1. A code will be displayed in the application
  2. Open the provided URL in your browser
  3. Enter the code and complete authentication
  4. Return to the application
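The four steps above as the two requests and the polling loop behind them, added here as an example and not the project's or graph-rs-sdk's code. Request bodies and error codes are those of RFC 8628 and the Microsoft identity platform v2.0 endpoints; CLIENT_ID is a placeholder (the project uses the Azure CLI public client), the JSON responses are constructed samples, and the 300-second refresh margin is a choice for the example. It runs offline, feeding the loop one canned response per poll.

```rust
const CLIENT_ID: &str = "00000000-0000-0000-0000-000000000000"; // placeholder, not a real client id
const REFRESH_MARGIN_SECS: i64 = 300; // renew this far before expiry, an assumption for the example

/// application/x-www-form-urlencoded encoding of a single value.
fn form_encode(s: &str) -> String {
    let mut out = String::new();
    for b in s.bytes() {
        match b {
            b'A'..=b'Z' | b'a'..=b'z' | b'0'..=b'9' | b'-' | b'.' | b'_' | b'~' => out.push(b as char),
            b' ' => out.push('+'),
            _ => out.push_str(&format!("%{:02X}", b)),
        }
    }
    out
}

/// Step 1: body for POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/devicecode.
/// The reply carries user_code and verification_uri to show the user, plus device_code,
/// expires_in and interval for the poll loop.
pub fn device_code_request(scopes: &[&str]) -> String {
    format!("client_id={}&scope={}", CLIENT_ID, form_encode(&scopes.join(" ")))
}

/// Step 2, repeated: body for POST https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token.
pub fn token_poll_request(device_code: &str) -> String {
    format!("grant_type=urn:ietf:params:oauth:grant-type:device_code&client_id={}&device_code={}",
            CLIENT_ID, form_encode(device_code))
}

/// Minimal top-level field lookup, enough for the flat JSON the token endpoint returns.
fn json_field<'a>(body: &'a str, key: &str) -> Option<&'a str> {
    let pat = format!("\"{}\":", key);
    let rest = body[body.find(&pat)? + pat.len()..].trim_start();
    match rest.strip_prefix('"') {
        Some(s) => s.find('"').map(|end| &s[..end]),
        None => Some(rest[..rest.find(|c: char| c == ',' || c == '}').unwrap_or(rest.len())].trim()),
    }
}

#[derive(Debug, PartialEq)]
pub enum Poll {
    Pending,                                          // authorization_pending: poll again after `interval`
    SlowDown,                                         // slow_down: add 5 s to the interval (RFC 8628 3.5)
    Denied(String),                                   // declined, expired, bad code or malformed reply: stop
    Token { access_token: String, refresh_at: i64 }, // success, with the moment to renew the token
}

pub fn classify(body: &str, now: i64) -> Poll {
    if let Some(err) = json_field(body, "error") {
        return match err {
            "authorization_pending" => Poll::Pending,
            "slow_down" => Poll::SlowDown,
            other => Poll::Denied(other.to_string()),
        };
    }
    let expires_in = json_field(body, "expires_in").and_then(|e| e.parse::<i64>().ok());
    match (json_field(body, "access_token"), expires_in) {
        (Some(t), Some(e)) => Poll::Token { access_token: t.to_string(), refresh_at: now + e - REFRESH_MARGIN_SECS },
        _ => Poll::Denied("malformed token response".to_string()),
    }
}

/// Drives the loop over one canned response per poll (no network) and returns the token with
/// its refresh time or the reason the flow ended, plus the poll interval the client ended at.
pub fn run_poll(initial_interval: u64, responses: &[&str], now: i64) -> (Result<(String, i64), String>, u64) {
    let mut interval = initial_interval;
    for body in responses {
        match classify(body, now) {
            Poll::Pending => {} // a real client sleeps `interval` seconds here before the next poll
            Poll::SlowDown => interval += 5,
            Poll::Denied(why) => return (Err(why), interval),
            Poll::Token { access_token, refresh_at } => return (Ok((access_token, refresh_at)), interval),
        }
    }
    (Err("no decision before polling stopped".to_string()), interval)
}

// Constructed sample responses in the shape of the real ones, not captured traffic.
pub const PENDING: &str = r#"{"error":"authorization_pending","error_description":"Pending end-user authorization."}"#;
pub const SLOW_DOWN: &str = r#"{"error":"slow_down"}"#;
pub const EXPIRED: &str = r#"{"error":"expired_token","error_description":"Device code expired."}"#;
pub const TOKEN_OK: &str = r#"{"token_type":"Bearer","scope":"User.Read","expires_in":3599,"access_token":"eyJ.sample.token","refresh_token":"0.sample"}"#;

fn main() {
    println!("{}", device_code_request(&["https://graph.microsoft.com/.default", "offline_access"]));
    println!("{}", token_poll_request("constructed-device-code"));
    // Show user_code exactly as returned and never accept one that arrived by mail or chat:
    // a code someone else generated hands your tokens to their session.
    let (outcome, interval) = run_poll(5, &[PENDING, SLOW_DOWN, PENDING, TOKEN_OK], 1_000);
    println!("{:?} (interval ended at {}s)", outcome.map(|(_, refresh_at)| refresh_at), interval);
}
```

A real client bounds the loop by the expires_in value from step 1 and stops when it elapses; slow_down is the one error that is not fatal, and ignoring it (polling faster than the server asked) is the usual cause of a flow that never completes.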

Linux

Requires a Secret Service (org.freedesktop.secrets) backend such as gnome-keyring or kwallet running in your desktop session for secure token storage:

# Ubuntu/Debian
sudo apt install gnome-keyring

# Arch Linux
sudo pacman -S gnome-keyring

Windows

No additional dependencies required. Uses Windows Credential Manager.

Troubleshooting

Authentication Fails

  • Ensure you have appropriate permissions in your Azure AD tenant
  • Check your internet connection
  • Review logs with LOG_LEVEL=debug cargo run
  • Some organizations may have conditional access policies that require MFA or compliant devices

No Key Vaults Found

  • Verify you have Key Vaults in your subscription
  • Check that your user has appropriate RBAC permissions
  • Ensure the Management API scope was granted

Token Cache Errors

  • On Linux: Install and start gnome-keyring or kwallet, and make sure the keyring is unlocked (it normally unlocks with your desktop login)
  • On macOS: Check Keychain Access permissions
  • On Windows: Check Windows Credential Manager

Development

Run in Debug Mode

cargo run

Run Tests

cargo test

Enable Debug Logging

LOG_LEVEL=debug cargo run

Building for Release

Current Platform

cargo build --release

Cross-Platform (requires setup)

# Windows
cargo build --release --target x86_64-pc-windows-msvc

# Linux
cargo build --release --target x86_64-unknown-linux-gnu

# macOS (Intel; Apple silicon is aarch64-apple-darwin). Cross-compiling to macOS from
# another OS needs the Apple SDK and linker; building natively on a Mac is simpler.
cargo build --release --target x86_64-apple-darwin

Contributing

Contributions are welcome. Please ensure:

  • Code follows Rust best practices
  • All tests pass
  • Security considerations are maintained
  • Documentation is updated

License

MIT License - See LICENSE file for details

Acknowledgments

  • Microsoft Graph SDK team for graph-rs-sdk
  • Azure SDK for Rust team
  • egui framework creators

Support

For issues and feature requests, please use the GitHub issue tracker.