Azure Key Vault Explorer

Overview

Visit the releases section to download the application. Still in active development but in a usable state

Key Vault Explorer is a lightweight tool with the idea to simplify finding and accessing secrets (and certitficates and keys) stored in Azure Key Vault, providing a interface for aggregating, filtering, and quickly getting secret values. The app was inspired by the original AzureKeyVaultExplorer with the goal to eventually bring some more feature parity but first brining the application to macOS.

Key features

• Signing in with a Microsoft Account See how credentials are secured
• Support to selectively include/exclude subscriptions to show resource groups and key vaults in the tree
• Ability to filter subscriptions, resrouce groups, and key vaults by name
• Saving vaults to "pinned" section in quick access menu and saving selected subscriptions in SQLite
• Copy secrets to the clipboard using Control+C
• Automatic clearing of clipboard values after a set amount of time (configurable up to 60 seconds)
• Viewing details and tags about values
• Filtering and sorting of values
• Viewing last updates and next to expire values
• Downloading and saving .pfx and .cer files

Privacy Features

• No telemetry or logs collected
• Sqlite Database encryption using DPAPI and KeyChain on Mac

Security

The authentication and credentials storage uses Microsoft.Identity.Client.Extensions.Msal library are encrypted and stored with DPAPI on windows, and the keychain on macOS (you may be prompted multiple times to grant rights). The security is pulled directly from this document: https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnet/wiki/Cross-platform-Token-Cache#configuring-the-token-cache

The Sqlite database is encrypted using DPAPI on windows, and on macOS the password in the keychain.

Screenshots

Running the application:

Clone and set the start up project to be "Desktop".

Contribution

Accepting PRs, suggestions, code reviews, feature requests and more. This is my first time using avaloniaUI and building a desktop application so all feedback is welcome.

Building from source

• WindowsOS

  Download from the Microsoft Store:

  Run the following scripts check the publish directory for a folder. run .\AzureKeyVaultExplorer\build.ps1 -RunBuild -Platform net8.0 -Runtime win-x64 run .\AzureKeyVaultExplorer\build.ps1 -RunBuild -Platform net8.0 -Runtime win-arm64

• macOS

  Download from the release section:

  Run the following scripts and a 'Key Vault Explorer.app' mac os package will be generated in the publish directory. Move this to "Applications". run .\KeyVaultExplorer\build.ps1 -RunBuild -Platform net8.0 -Runtime osx-x64 run .\KeyVaultExplorer\build.ps1 -RunBuild -Platform net8.0 -Runtime osx-arm64

Troubleshooting

The folder where all app associated data like the database and other encrypted files is /Users/YOUR_USER_NAME/Library/Application Support/KeyVaultExplorer/ on macOS and C:\Users\YOUR_USER_NAME\AppData\Local\KeyVaultExplorer on Windows. If you're facing trouble, I recommend deleteing all files in the directory. On macOS, i also recommend opening the key chain and deleting everything that begins with "keyvaultexplorer_".

When downloading on windows, you may have to click properties on the exe/application file and check the "unblock" checkbox to allow running the application on the machine if you get a messages saying the app needs another app from the microsoft store to download.

Dependencies

• AvaloniaUI (Version: 11.0.10-preview2)
• FluentAvalonia (Version: 2.1.0-preview5)
• Azure.ResourceManager.KeyVault
• Azure.Security.KeyVault.Certificates
• Azure.Security.KeyVault.Keys
• Azure.Security.KeyVault.Secrets
• CommunityToolkit.Mvvm
• Microsoft.Data.Sqlite
• Microsoft.Extensions.Caching.Memory
• Microsoft.Identity.Client.Extensions.Msal
• Microsoft.Extensions.DependencyInjection