Azure Key Vault Secret Manager

A modern, user-friendly GUI application for managing Azure App Registration secrets and Key Vault integration.

✨ Features

• 🔐 Single Sign-On: Interactive browser authentication - login once for both Microsoft Graph and Azure
• 🎯 Auto-Detection: Automatically detects your Azure tenant ID from logged-in account
• 📋 Subscription Selection: Choose your subscription from a dropdown (no more config files!)
• 🔍 Smart Dropdowns: Searchable, scrollable lists with keyboard navigation (Arrow keys, Page Up/Down, Home/End)
• 💡 Tooltips: Hover over items to see full names if truncated
• 🔑 Secret Management: Generate 50-year secrets with custom descriptions
• 🗑️ Cleanup: Optionally remove old secrets when creating new ones
• 💾 Key Vault Integration: Automatic storage with metadata tags
• 📋 Copy to Clipboard: One-click secret copying
• 🎨 Modern UI: Clean interface built with CustomTkinter (supports dark/light themes)
• ⚡ Smooth Performance: Optimized scrolling and no nested scroll lag

📸 Screenshots

[App Selection]     [Secret Generation]     [Result View]

🔧 Prerequisites

• Python 3.8+ (Python 3.11 recommended)
• Azure Permissions:
  • Application.ReadWrite.All (Microsoft Graph API)
  • Directory.Read.All (Microsoft Graph API)
  • Key Vault Secrets Officer role on target Key Vaults
  • Reader role on subscription/resource groups

Note: No need to create an App Registration! The app uses the Azure CLI public client ID for authentication.

🎨 Customization

Adding a Custom Icon

To replace the default Python icon with your own:

1. Create an icon file (.ico for Windows or .png for cross-platform)
2. Place it in one of these locations:
   • python-app/icon.ico or python-app/icon.png
   • python-app/assets/icon.ico or python-app/assets/icon.png
3. The application will automatically detect and use it on next launch

Recommended icon size: 256x256 pixels

📦 Installation

1. Clone the Repository

git clone https://github.com/yourusername/azure-keyvault-manager.git
cd azure-keyvault-manager/python-app

2. Create Virtual Environment

Windows:

python -m venv venv
venv\Scripts\activate

Linux/macOS:

python3 -m venv venv
source venv/bin/activate

3. Install Dependencies

pip install -r requirements.txt

4. Run the Application

python main.py

That's it! No configuration files to edit - the app auto-detects everything.

🚀 Usage

Quick Start Guide

1. Connect to Azure

   • Click "Connect to Azure"
   • Browser opens automatically
   • Sign in with your Azure account (admin credentials)
   • ✅ Authentication completes (single login!)

2. Select Subscription

   • Choose your Azure subscription from the dropdown
   • Apps and Key Vaults load automatically

3. Select App Registration

   • Click the App Registration dropdown
   • Scroll through the list or use keyboard navigation:
     • ↑ ↓ Arrow keys to navigate
     • Page Up Page Down to jump
     • Home End for first/last
     • Enter to select
     • Esc to close
   • Hover for tooltips on long names

4. Generate Secret

   • Enter a description (e.g., "Production API Key 2025")
   • Select a Key Vault
   • (Optional) Check "Remove old secrets"
   • Click "Generate Secret"

5. Copy & Save

   • Secret is displayed once
   • Click "Copy to Clipboard"
   • Secret is automatically stored in Key Vault with metadata
   • Click "Generate Another Secret" to continue

Keyboard Shortcuts

Key	Action
↓ ↑	Navigate dropdown items
Page Down Page Up	Jump 5 items
Home End	First/Last item
Enter	Select item
Escape	Close dropdown
Mouse Wheel	Scroll in dropdown

📁 Project Structure

python-app/
├── main.py                          # Application entry point
├── config.py                        # App settings (no secrets!)
├── requirements.txt                 # Python dependencies
├── auth/
│   ├── graph_authenticator.py      # Microsoft Graph authentication
│   └── azure_authenticator.py      # Azure Resource Manager authentication
├── services/
│   ├── app_registration_service.py # App registration operations
│   ├── secret_service.py           # Secret generation/management
│   └── keyvault_service.py         # Key Vault operations
├── ui/
│   ├── components/
│   │   ├── unified_dropdown.py     # Custom dropdown component
│   │   └── tooltip.py              # Tooltip utility
│   ├── main_window.py              # Main application window
│   ├── login_frame.py              # Authentication UI
│   ├── subscription_selection_frame.py
│   ├── app_selection_frame.py      # App selection UI
│   ├── secret_generation_frame.py  # Secret generation form
│   └── result_frame.py             # Result display
└── utils/
    ├── sanitizer.py                # Name sanitization
    └── logger.py                   # Logging setup

🐛 Troubleshooting

Authentication Issues

Problem: "Authentication failed"

• Solution: Ensure you have the required permissions in Azure AD
• Clear cached credentials: Delete .azure folder in your home directory
• Verify your account has access to the Azure subscription

Problem: Double login prompts

• Solution: This has been fixed in the latest version - you should only login once

Permission Errors

Problem: "Failed to list applications"

• Solution: Request Application.ReadWrite.All and Directory.Read.All permissions from your Azure AD admin

Problem: "Failed to store secret in Key Vault"

• Solution: Ensure you have Key Vault Secrets Officer role on the target vault
• Check Key Vault network settings allow your IP address

UI Issues

Problem: Dropdown list won't scroll

• Solution: Updated in latest version - mouse wheel now scrolls the dropdown properly

Problem: Can't see all applications

• Solution: Use keyboard navigation (arrow keys) or mouse wheel to scroll through large lists

General Issues

Problem: No subscriptions found

• Solution: Verify your account has at least Reader access to one Azure subscription

Problem: No Key Vaults appear

• Solution: Create a Key Vault in your subscription or request access to existing ones

📝 Logs

Application logs are stored in: logs/app_YYYYMMDD.log

Log levels:

• INFO: Normal operations
• ERROR: Failed operations with stack traces

🔒 Security Best Practices

• ✅ Secrets are only displayed once in the UI
• ✅ Secrets are never logged to files
• ✅ Authentication uses Azure Identity library (secure token caching)
• ✅ Uses Azure CLI public client ID (no app registration needed)
• ⚠️ Always copy secrets immediately - they cannot be retrieved later
• ⚠️ Store secrets in a secure password manager after generation

🏗️ Building Executable (Optional)

Create a standalone executable:

pip install pyinstaller
pyinstaller --onefile --windowed --name AzureKeyVaultManager main.py

Output: dist/AzureKeyVaultManager.exe (Windows) or dist/AzureKeyVaultManager (Linux/macOS)

Note: Executable size will be ~50-100MB due to bundled dependencies.

🤝 Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

1. Fork the repository
2. Create your feature branch (git checkout -b feature/AmazingFeature)
3. Commit your changes (git commit -m 'Add some AmazingFeature')
4. Push to the branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.

🙏 Acknowledgments

• Built with CustomTkinter by Tom Schimansky
• Uses Azure SDK for Python
• Uses Microsoft Graph SDK for Python

📮 Support

For issues, questions, or suggestions:

• 🐛 Open an issue
• 💬 Start a discussion

---

Made with ❤️ for Azure administrators