Visit the releases section to download the application. Still in active development but in a usable state
Key Vault Explorer is a lightweight tool with the idea to simplify finding and accessing secrets (and certificates and keys) stored in Azure Key Vault, providing a interface for aggregating, filtering, and quickly getting secret values. The app was inspired by the original AzureKeyVaultExplorer with the goal to eventually bring some more feature parity but first brining the application to macOS.
- Signing in with a Microsoft Account See how credentials are secured
- Support to selectively include/exclude subscriptions to show resource groups and key vaults in the tree
- Ability to filter subscriptions, resource groups, and key vaults by name
- Saving vaults to "pinned" section in quick access menu and saving selected subscriptions in SQLite
- Copy secrets to the clipboard using Control+C
- Automatic clearing of clipboard values after a set amount of time (configurable up to 60 seconds)
- Viewing details and tags about values
- Filtering and sorting of values
- Viewing last updates and next to expire values
- Downloading and saving .pfx and .cer files
- No telemetry or logs collected
- SQLite Database encryption using DPAPI and KeyChain on Mac
The authentication and credentials storage uses Microsoft.Identity.Client.Extensions.Msal library are encrypted and stored with DPAPI on windows, and the keychain on macOS (you may be prompted multiple times to grant rights). The security is pulled directly from this document: https://github.com/AzureAD/microsoft-authentication-extensions-for-dotnet/wiki/Cross-platform-Token-Cache#configuring-the-token-cache
The SQLite database is encrypted using DPAPI on windows, and on macOS the password in the keychain.
You will need the latest version of the .NET 8 SDK, and Visual Studio 2022 (this can be downloaded from the Microsoft Store).
Clone the project, open the .\AzureKeyVaultExplorer directory and open the solution file called "kv.sln" or "kv.slnx".
Get it from the Microsoft store!
Please follow this Microsoft learn article if you encounter this error: https://learn.microsoft.com/en-us/answers/questions/1393470/azure-enterprise-apps-missing-a-permission-listed
https://login.microsoftonline.com/{the id of your customer tenant}/adminconsent?client_id={client id}
You can also download from the release section for exe and macOS versions: https://github.com/cricketthomas/AzureKeyVaultExplorer/releases
If downloaded from this section, you will need to follow this guide to run the app: #67 (comment)
Install the latest .NET 8 SDK: https://dotnet.microsoft.com/en-us/download/dotnet
-
Open PowerShell 7+ (on windows, Linux and mac, or zsh on mac)
-
cd c:\repos(choose the folder of your choice) -
git clone https://github.com/cricketthomas/AzureKeyVaultExplorer.git(to clone/download the sources) -
cd AzureKeyVaultExplorer(to get into the freshly cloned repo) -
.\build.ps1 -RunBuild -Platform net8.0 -Runtime win-x64(other platforms include win-arm64, osx-x64, osx-arm64, linux-x64). To build a self contained.exeplease run.\build.ps1 -Runtime win-x64 -PublishAot:$false, you can ignore the.pdbfiles.
If you get an error message stating "Platform linker not found" when building on Windows, please ensure you have all the required prerequisites documented at https://aka.ms/nativeaot-prerequisites, in particular the Desktop Development for C++ workload in Visual Studio.
Open the Visual Studio Installer, Modify, install Desktop Development for C++
For ARM64 development also install C++ ARM64 build tools.
Repeat step 5. The build starts and might take a couple of minutes. The final output looks something like this: Desktop -> C:\Repos\AzureKeyVaultExplorer\publish\
-
Open that folder in Windows Explorer and run
keyvaultexplorerdesktop.exe. On macOS, aKey Vault Explorer.appmac os package will be generated in the publish directory. Move this to "Applications", you will have to force open the app using System Preferences, and click "Open anyway". -
It will launch your default browser window and prompt you to login and grant consent.
The app is now verified as I am member of the Microsoft Partner Program.
When you run it for the first time, it creates an enterprise application in your tenant.
Please contact your Azure tenant admin to make sure the application has been consented for use.
Otherwise you will get an error message, see the "First time installs in Azure Tenant:" section
Alternatively, you create an enterprise application with the following permissions, then you can modify the clientId in the Constants.cs file to your newly created app that is hosted in your own tenant.
Thank you to reddit user AzureToujours for helping with the readme.
The folder where all app associated data like the database and other encrypted files is /Users/YOUR_USER_NAME/Library/Application Support/KeyVaultExplorer/ on macOS
and C:\Users\YOUR_USER_NAME\AppData\Local\KeyVaultExplorer on Windows.
If you're facing trouble, I recommend deleting all files in the directory. On macOS, i also recommend opening the key chain and deleting everything that begins with "keyvaultexplorer_".
When downloading on windows, you may have to click properties on the exe/application file and check the "unblock" checkbox to allow running the application on the machine if you get a messages saying the app needs another app from the microsoft store to download.
Accepting PRs, suggestions, code reviews, feature requests and more. This is my first time using AvaloniaUI and building a desktop application so all feedback is welcome.
- .NET 8
- Avalonia
- FluentAvalonia
- Azure.ResourceManager.KeyVault
- Azure.Security.KeyVault.Certificates
- Azure.Security.KeyVault.Keys
- Azure.Security.KeyVault.Secrets
- CommunityToolkit.Mvvm
- Microsoft.Data.Sqlite
- Microsoft.Extensions.Caching.Memory
- Microsoft.Identity.Client.Extensions.Msal
- Microsoft.Extensions.DependencyInjection