I-SecretUpdate/README.md
2025-12-19 12:58:58 +01:00

# Azure Key Vault Secret Manager
> A modern, user-friendly GUI application for managing Azure App Registration secrets and Key Vault integration.

![Python](https://img.shields.io/badge/python-3.8+-blue.svg)
![License](https://img.shields.io/badge/license-MIT-green.svg)
![Platform](https://img.shields.io/badge/platform-Windows%20%7C%20Linux%20%7C%20macOS-lightgrey.svg)
## ✨ Features
- 🔐 **Single Sign-On**: Interactive browser authentication - log in once for both Microsoft Graph and Azure
- 🎯 **Auto-Detection**: Automatically detects your Azure tenant ID from logged-in account
- 📋 **Subscription Selection**: Choose your subscription from a dropdown (no more config files!)
- 🔍 **Smart Dropdowns**: Searchable, scrollable lists with keyboard navigation (Arrow keys, Page Up/Down, Home/End)
- 💡 **Tooltips**: Hover over items to see full names if truncated
- 🔑 **Secret Management**: Generate 50-year secrets with custom descriptions
- 🗑️ **Cleanup**: Optionally remove old secrets when creating new ones
- 💾 **Key Vault Integration**: Automatic storage with metadata tags
- 📋 **Copy to Clipboard**: One-click secret copying
- 🎨 **Modern UI**: Clean interface built with CustomTkinter (supports dark/light themes)
- **Smooth Performance**: Optimized scrolling and no nested scroll lag
## 📸 Screenshots
<!-- Add your screenshots here -->
```
[App Selection] [Secret Generation] [Result View]
```
## 🔧 Prerequisites
- **Python 3.8+** (Python 3.11 recommended)
- **Azure Permissions**:
  - Application.ReadWrite.All (Microsoft Graph API)
  - Directory.Read.All (Microsoft Graph API)
  - Key Vault Secrets Officer role on target Key Vaults
  - Reader role on subscription/resource groups

**Note**: No need to create an App Registration! The app uses the Azure CLI public client ID for authentication.
## 🎨 Customization
### Adding a Custom Icon
To replace the default Python icon with your own:
1. Create an icon file (`.ico` for Windows or `.png` for cross-platform)
2. Place it in one of these locations:
   - `python-app/icon.ico` or `python-app/icon.png`
   - `python-app/assets/icon.ico` or `python-app/assets/icon.png`
3. The application will automatically detect and use it on next launch

**Recommended icon size**: 256x256 pixels
## 📦 Installation
### 1. Clone the Repository
```bash
git clone https://github.com/yourusername/azure-keyvault-manager.git
cd azure-keyvault-manager/python-app
```
### 2. Create Virtual Environment
**Windows:**
```powershell
python -m venv venv
venv\Scripts\activate
```
**Linux/macOS:**
```bash
python3 -m venv venv
source venv/bin/activate
```
### 3. Install Dependencies
```bash
pip install -r requirements.txt
```
### 4. Run the Application
```bash
python main.py
```
**That's it!** No configuration files to edit - the app auto-detects everything.
## 🚀 Usage
### Quick Start Guide
1. **Connect to Azure**
   - Click **"Connect to Azure"**
   - Browser opens automatically
   - Sign in with your Azure account (admin credentials)
   - ✅ Authentication completes (single login!)
2. **Select Subscription**
   - Choose your Azure subscription from the dropdown
   - Apps and Key Vaults load automatically
3. **Select App Registration**
   - Click the App Registration dropdown
   - Scroll through the list or use keyboard navigation:
     - `↑` `↓` Arrow keys to navigate
     - `Page Up` `Page Down` to jump
     - `Home` `End` for first/last
     - `Enter` to select
     - `Esc` to close
   - Hover for tooltips on long names
4. **Generate Secret**
   - Enter a description (e.g., "Production API Key 2025")
   - Select a Key Vault
   - *(Optional)* Check "Remove old secrets"
   - Click **"Generate Secret"**
5. **Copy & Save**
   - Secret is displayed once
   - Click **"Copy to Clipboard"**
   - Secret is automatically stored in Key Vault with metadata
   - Click **"Generate Another Secret"** to continue
### Keyboard Shortcuts
| Key | Action |
|-----|--------|
| `↓` `↑` | Navigate dropdown items |
| `Page Down` `Page Up` | Jump 5 items |
| `Home` `End` | First/Last item |
| `Enter` | Select item |
| `Escape` | Close dropdown |
| `Mouse Wheel` | Scroll in dropdown |
## 📁 Project Structure
```
python-app/
├── main.py # Application entry point
├── config.py # App settings (no secrets!)
├── requirements.txt # Python dependencies
├── auth/
│ ├── graph_authenticator.py # Microsoft Graph authentication
│ └── azure_authenticator.py # Azure Resource Manager authentication
├── services/
│ ├── app_registration_service.py # App registration operations
│ ├── secret_service.py # Secret generation/management
│ └── keyvault_service.py # Key Vault operations
├── ui/
│ ├── components/
│ │ ├── unified_dropdown.py # Custom dropdown component
│ │ └── tooltip.py # Tooltip utility
│ ├── main_window.py # Main application window
│ ├── login_frame.py # Authentication UI
│ ├── subscription_selection_frame.py
│ ├── app_selection_frame.py # App selection UI
│ ├── secret_generation_frame.py # Secret generation form
│ └── result_frame.py # Result display
└── utils/
    ├── sanitizer.py # Name sanitization
    └── logger.py # Logging setup
```
## 🐛 Troubleshooting
### Authentication Issues
**Problem**: "Authentication failed"

- **Solution**: Ensure you have the required permissions in Azure AD
- Clear cached credentials: delete the `.azure` folder in your home directory
- Verify your account has access to the Azure subscription

**Problem**: Double login prompts

- **Solution**: This has been fixed in the latest version - you should only log in once

### Permission Errors

**Problem**: "Failed to list applications"

- **Solution**: Request `Application.ReadWrite.All` and `Directory.Read.All` permissions from your Azure AD admin

**Problem**: "Failed to store secret in Key Vault"

- **Solution**: Ensure you have the **Key Vault Secrets Officer** role on the target vault
- Check that the Key Vault network settings allow your IP address

### UI Issues

**Problem**: Dropdown list won't scroll

- **Solution**: Updated in latest version - mouse wheel now scrolls the dropdown properly

**Problem**: Can't see all applications

- **Solution**: Use keyboard navigation (arrow keys) or mouse wheel to scroll through large lists

### General Issues

**Problem**: No subscriptions found

- **Solution**: Verify your account has at least Reader access to one Azure subscription

**Problem**: No Key Vaults appear

- **Solution**: Create a Key Vault in your subscription or request access to existing ones
## 📝 Logs
Application logs are stored in: `logs/app_YYYYMMDD.log`

Log levels:
- **INFO**: Normal operations
- **ERROR**: Failed operations with stack traces
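ERROR entries carry stack traces, and an exception message can contain the value that was being stored, so a log file needs a guard beyond simply not logging the secret on purpose. The sketch below is an added example, not this project's `utils/logger.py`: a hypothetical `SecretRedactingFilter` attached to the log handler scrubs registered values from messages and tracebacks. The class name, logger name and sample secret are assumptions made for the illustration.

```python
import io
import logging

class SecretRedactingFilter(logging.Filter):
    """Replace registered secret values with a marker before a record is written."""
    MARKER = "[REDACTED]"

    def __init__(self):
        super().__init__()
        self._secrets = set()

    def register(self, value):
        # Call as soon as a secret is generated, before anything else can log it.
        if value:
            self._secrets.add(value)

    def _scrub(self, text):
        # Longest first, so a secret that contains another is replaced whole.
        for secret in sorted(self._secrets, key=len, reverse=True):
            text = text.replace(secret, self.MARKER)
        return text

    def filter(self, record):
        # Render msg % args now so secrets passed as arguments are caught too.
        record.msg, record.args = self._scrub(record.getMessage()), None
        if record.exc_info:
            # Pre-render and scrub the traceback; Formatter appends exc_text as is.
            trace = logging.Formatter().formatException(record.exc_info)
            record.exc_text, record.exc_info = self._scrub(trace), None
        return True

def demo():
    """Log an INFO line and an ERROR with traceback; return what was written."""
    buf = io.StringIO()  # stands in for logs/app_YYYYMMDD.log
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    redactor = SecretRedactingFilter()
    handler.addFilter(redactor)  # on the handler, so every logger writing to it is covered
    log = logging.getLogger("redaction_demo")
    log.handlers, log.propagate = [handler], False
    log.setLevel(logging.INFO)
    secret = "CONSTRUCTED-secret-value-123"  # constructed sample, not a real credential
    redactor.register(secret)
    log.info("Generated secret %s for %s", secret, "demo-app")
    try:
        raise RuntimeError(f"Key Vault rejected value {secret}")
    except RuntimeError:
        log.exception("Failed to store secret in Key Vault")
    return buf.getvalue()
```

The filter only knows values passed to `register()`, so registration has to happen before the first log call that could see the secret.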
## 🔒 Security Best Practices
- ✅ Secrets are **only displayed once** in the UI
- ✅ Secrets are **never logged** to files
- ✅ Authentication uses Azure Identity library (secure token caching)
- ✅ Uses Azure CLI public client ID (no app registration needed)
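- ⚠️ **Always copy secrets immediately** - the UI shows them only once and the App Registration does not return the value later; the only stored copy is the one written to Key Vault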
- ⚠️ Store secrets in a secure password manager after generation
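Because generated secrets are valid for 50 years and removing old ones is optional, it helps to review what each App Registration still accepts. The following is an added example, not part of this project's code: it flags entries in a Microsoft Graph `passwordCredentials` array. The 730-day threshold, the flag names and the sample data are assumptions made for the illustration.

```python
from datetime import datetime, timedelta, timezone

MAX_LIFETIME_DAYS = 730  # assumed policy threshold, not a value from this README

def parse_graph_time(value):
    """Parse a Z-suffixed Graph timestamp; trims 7-digit fractions for Python 3.8."""
    text = value.rstrip("Z")
    if "." in text:
        head, frac = text.split(".", 1)
        text = f"{head}.{frac[:6].ljust(6, '0')}"
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)

def audit_credentials(password_credentials, now, max_days=MAX_LIFETIME_DAYS):
    """Return one finding per credential: keyId, name, lifetime in days, flags."""
    parsed = [(parse_graph_time(c["startDateTime"]), parse_graph_time(c["endDateTime"]), c)
              for c in password_credentials]
    newest_start = max((start for start, _, _ in parsed), default=None)
    findings = []
    for start, end, cred in parsed:
        flags = []
        if end <= now:
            flags.append("expired")                # dead entry, safe to remove
        else:
            if end - start > timedelta(days=max_days):
                flags.append("long_lived")         # outlives the policy threshold
            if start < newest_start:
                flags.append("older_still_valid")  # superseded but still accepted
        findings.append({"keyId": cred["keyId"], "displayName": cred.get("displayName"),
                         "lifetime_days": (end - start).days, "flags": flags})
    return findings

# Constructed sample shaped like the passwordCredentials array of a Graph application.
SAMPLE = [
    {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "Production API Key 2025",
     "startDateTime": "2025-12-19T11:58:58Z", "endDateTime": "2075-12-19T11:58:58Z"},
    {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "Production API Key 2024",
     "startDateTime": "2024-03-01T00:00:00.1234567Z", "endDateTime": "2026-03-01T00:00:00.1234567Z"},
    {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "Pilot key",
     "startDateTime": "2022-01-01T00:00:00Z", "endDateTime": "2023-01-01T00:00:00Z"},
]
NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)  # fixed so the result is reproducible

if __name__ == "__main__":
    for finding in audit_credentials(SAMPLE, NOW):
        print(finding)
```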
## 🏗️ Building Executable (Optional)
Create a standalone executable:
```bash
pip install pyinstaller
pyinstaller --onefile --windowed --name AzureKeyVaultManager main.py
```
Output: `dist/AzureKeyVaultManager.exe` (Windows) or `dist/AzureKeyVaultManager` (Linux/macOS)

**Note**: Executable size will be ~50-100MB due to bundled dependencies.
## 🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
1. Fork the repository
2. Create your feature branch (`git checkout -b feature/AmazingFeature`)
3. Commit your changes (`git commit -m 'Add some AmazingFeature'`)
4. Push to the branch (`git push origin feature/AmazingFeature`)
5. Open a Pull Request
## 📄 License
This project is licensed under the MIT License - see the [LICENSE](LICENSE) file for details.
## 🙏 Acknowledgments
- Built with [CustomTkinter](https://github.com/TomSchimansky/CustomTkinter) by Tom Schimansky
- Uses [Azure SDK for Python](https://github.com/Azure/azure-sdk-for-python)
- Uses [Microsoft Graph SDK for Python](https://github.com/microsoftgraph/msgraph-sdk-python)
## 📮 Support
For issues, questions, or suggestions:
- 🐛 [Open an issue](https://github.com/yourusername/azure-keyvault-manager/issues)
- 💬 [Start a discussion](https://github.com/yourusername/azure-keyvault-manager/discussions)
---
**Made with ❤️ for Azure administrators**