Inorishio/I-SecretUpdate
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
87865e2c6d6f90ee25e6639ca581eac4c24d97d7
I-SecretUpdate/README.md
T
Inorishio 87865e2c6d First commit
2025-12-19 12:58:58 +01:00

8.7 KiB
Raw Blame History

Azure Key Vault Secret Manager

A modern, user-friendly GUI application for managing Azure App Registration secrets and Key Vault integration.

Python License Platform

Features

  • 🔐 Single Sign-On: Interactive browser authentication - login once for both Microsoft Graph and Azure
  • 🎯 Auto-Detection: Automatically detects your Azure tenant ID from logged-in account
  • 📋 Subscription Selection: Choose your subscription from a dropdown (no more config files!)
  • 🔍 Smart Dropdowns: Searchable, scrollable lists with keyboard navigation (Arrow keys, Page Up/Down, Home/End)
  • 💡 Tooltips: Hover over items to see full names if truncated
  • 🔑 Secret Management: Generate 50-year secrets with custom descriptions
  • 🗑️ Cleanup: Optionally remove old secrets when creating new ones
  • 💾 Key Vault Integration: Automatic storage with metadata tags
  • 📋 Copy to Clipboard: One-click secret copying
  • 🎨 Modern UI: Clean interface built with CustomTkinter (supports dark/light themes)
  • Smooth Performance: Optimized scrolling and no nested scroll lag

📸 Screenshots

[App Selection]     [Secret Generation]     [Result View]

🔧 Prerequisites

  • Python 3.8+ (Python 3.11 recommended)
  • Azure Permissions:
    • Application.ReadWrite.All (Microsoft Graph API)
    • Directory.Read.All (Microsoft Graph API)
    • Key Vault Secrets Officer role on target Key Vaults
    • Reader role on subscription/resource groups

Note: No need to create an App Registration! The app uses the Azure CLI public client ID for authentication.

🎨 Customization

Adding a Custom Icon

To replace the default Python icon with your own:

  1. Create an icon file (.ico for Windows or .png for cross-platform)
  2. Place it in one of these locations:
    • python-app/icon.ico or python-app/icon.png
    • python-app/assets/icon.ico or python-app/assets/icon.png
  3. The application will automatically detect and use it on next launch

Recommended icon size: 256x256 pixels

📦 Installation

1. Clone the Repository

git clone https://github.com/yourusername/azure-keyvault-manager.git
cd azure-keyvault-manager/python-app

2. Create Virtual Environment

Windows:

python -m venv venv
venv\Scripts\activate

Linux/macOS:

python3 -m venv venv
source venv/bin/activate

3. Install Dependencies

pip install -r requirements.txt

4. Run the Application

python main.py

That's it! No configuration files to edit - the app auto-detects everything.

🚀 Usage

Quick Start Guide

  1. Connect to Azure

    • Click "Connect to Azure"
    • Browser opens automatically
    • Sign in with your Azure account (admin credentials)
    • Authentication completes (single login!)

  2. Select Subscription

    • Choose your Azure subscription from the dropdown
    • Apps and Key Vaults load automatically

  3. Select App Registration

    • Click the App Registration dropdown
    • Scroll through the list or use keyboard navigation:
      • Arrow keys to navigate
      • Page Up Page Down to jump
      • Home End for first/last
      • Enter to select
      • Esc to close
    • Hover for tooltips on long names

  4. Generate Secret

    • Enter a description (e.g., "Production API Key 2025")
    • Select a Key Vault
    • (Optional) Check "Remove old secrets"
    • Click "Generate Secret"

  5. Copy & Save

    • Secret is displayed once
    • Click "Copy to Clipboard"
    • Secret is automatically stored in Key Vault with metadata
    • Click "Generate Another Secret" to continue

Keyboard Shortcuts

Key Action
Navigate dropdown items
Page Down Page Up Jump 5 items
Home End First/Last item
Enter Select item
Escape Close dropdown
Mouse Wheel Scroll in dropdown

📁 Project Structure

python-app/
├── main.py                          # Application entry point
├── config.py                        # App settings (no secrets!)
├── requirements.txt                 # Python dependencies
├── auth/
│   ├── graph_authenticator.py      # Microsoft Graph authentication
│   └── azure_authenticator.py      # Azure Resource Manager authentication
├── services/
│   ├── app_registration_service.py # App registration operations
│   ├── secret_service.py           # Secret generation/management
│   └── keyvault_service.py         # Key Vault operations
├── ui/
│   ├── components/
│   │   ├── unified_dropdown.py     # Custom dropdown component
│   │   └── tooltip.py              # Tooltip utility
│   ├── main_window.py              # Main application window
│   ├── login_frame.py              # Authentication UI
│   ├── subscription_selection_frame.py
│   ├── app_selection_frame.py      # App selection UI
│   ├── secret_generation_frame.py  # Secret generation form
│   └── result_frame.py             # Result display
└── utils/
    ├── sanitizer.py                # Name sanitization
    └── logger.py                   # Logging setup

🐛 Troubleshooting

Authentication Issues

Problem: "Authentication failed"

  • Solution: Ensure you have the required permissions in Azure AD
  • Clear cached credentials: Delete .azure folder in your home directory
  • Verify your account has access to the Azure subscription

Problem: Double login prompts

  • Solution: This has been fixed in the latest version - you should only login once

Permission Errors

Problem: "Failed to list applications"

  • Solution: Request Application.ReadWrite.All and Directory.Read.All permissions from your Azure AD admin

Problem: "Failed to store secret in Key Vault"

  • Solution: Ensure you have Key Vault Secrets Officer role on the target vault
  • Check Key Vault network settings allow your IP address

UI Issues

Problem: Dropdown list won't scroll

  • Solution: Updated in latest version - mouse wheel now scrolls the dropdown properly

Problem: Can't see all applications

  • Solution: Use keyboard navigation (arrow keys) or mouse wheel to scroll through large lists

General Issues

Problem: No subscriptions found

  • Solution: Verify your account has at least Reader access to one Azure subscription

Problem: No Key Vaults appear

  • Solution: Create a Key Vault in your subscription or request access to existing ones

📝 Logs

Application logs are stored in: logs/app_YYYYMMDD.log

Log levels:

  • INFO: Normal operations
  • ERROR: Failed operations with stack traces

🔒 Security Best Practices

  • Secrets are only displayed once in the UI
  • Secrets are never logged to files
  • Authentication uses Azure Identity library (secure token caching)
  • Uses Azure CLI public client ID (no app registration needed)
  • ⚠️ Always copy secrets immediately - they cannot be retrieved later
  • ⚠️ Store secrets in a secure password manager after generation

🏗️ Building Executable (Optional)

Create a standalone executable:

pip install pyinstaller
pyinstaller --onefile --windowed --name AzureKeyVaultManager main.py

Output: dist/AzureKeyVaultManager.exe (Windows) or dist/AzureKeyVaultManager (Linux/macOS)

Note: Executable size will be ~50-100MB due to bundled dependencies.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

  1. Fork the repository
  2. Create your feature branch (git checkout -b feature/AmazingFeature)
  3. Commit your changes (git commit -m 'Add some AmazingFeature')
  4. Push to the branch (git push origin feature/AmazingFeature)
  5. Open a Pull Request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

📮 Support

For issues, questions, or suggestions:

Made with ❤️ for Azure administrators

Reference in New Issue View Git Blame Copy Permalink