Introduction
Azure Key Vault is a cloud service provided by Microsoft Azure that allows you to securely store and manage sensitive information such as API keys, passwords, certificates, and other secrets. It is widely used by developers and organizations to safeguard secrets used by their applications and services. By centralizing the storage of secrets, Azure Key Vault helps to control access and reduce the risk of accidental exposure.
Developers often need to interact with Azure Key Vault to manage these secrets. The Azure Command-Line Interface (CLI) is a powerful tool that allows developers to perform various operations on Azure resources, including Azure Key Vault. Using Azure CLI, developers can create, retrieve, update, and delete secrets in Azure Key Vault.
However, Azure CLI lacks native support for bulk importing and exporting secrets in JSON format. This limitation poses a challenge for developers who need to maintain and manage a large number of secrets efficiently. Manually importing or exporting secrets one by one can be time-consuming and error-prone.
The idea for the “Azure Key Vault – JSON Secrets Import/Export Tool” originated from a practical need within our development team. Developers in the team were maintaining their secrets in JSON files and needed a way to upload these secrets to Azure Key Vault in bulk. They also wanted a convenient way to export all the existing secrets to a JSON file. The absence of a native Azure CLI feature for bulk import/export of secrets in JSON format led to the development of this tool.
Evolution of the Tool
Initially, the tool started as a basic PowerShell script. This script provided the core functionality needed to interact with Azure Key Vault, including the ability to export and import secrets. While the script was functional, developers had to run it from the command line, which was not user-friendly, was prone to errors, and required PowerShell know-how.
For example, the initial script execution looked like this:
azkvtool.ps1 -vault_name "mykeyvault" -file_name "secrets.json"
This command-line interface (CLI) approach required users to have a good understanding of PowerShell and the terminal, which could be a barrier for some developers and normal users.
To improve usability and make the tool more accessible to developers and users who may not be familiar with PowerShell or terminal commands, the script was enhanced with a graphical user interface (GUI) using Windows Forms. This transformation aimed to provide a more intuitive and interactive experience for users, allowing them to perform operations with ease.
The next significant improvement was the addition of Azure login checks. The tool now verifies if the user is logged into Azure before performing any operations. If the user is not logged in, the tool provides options to log in using either a personal account or a service principal. This enhancement was a big step in ease of use for normal users, as it streamlined the login process and ensured that users had the necessary permissions to interact with Azure Key Vault.
To further enhance usability and distribution, the tool was converted into a standalone executable (.exe) file for running on Windows. This conversion was achieved using a tool called ps2exe, which packages the PowerShell script and its dependencies into a single executable file. This step eliminated the need for users to have PowerShell or the script’s dependencies installed on their systems. Users can now simply download and run the .exe file, making the tool more accessible and easier to distribute within the organization.
And then came the pièce de résistance (Google it!) — Dark Mode! Because let’s face it, no developer tool is complete without a dark mode. It’s practically a rite of passage. The tool was updated to include a dark mode option, catering to the essential need of developers/users to work in a dimly lit environment, reducing eye strain and making them feel like they’re hacking into the Matrix. With a simple toggle, users can switch between light and dark modes, ensuring that their retinas remain unscathed during those late-night coding sessions.
Software Requirements
- Windows Operating System: The executable is designed to run on Windows.
- Azure CLI: Install the Azure CLI to interact with Azure services – Azure CLI Installation Guide
Language and Frameworks/Libraries Used
This tool is developed using the following language and frameworks/libraries:
- PowerShell: The primary scripting language used to develop this tool. PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and the associated scripting language.
- Windows Forms: A graphical (GUI) class library included as a part of Microsoft’s .NET Framework, used to create rich desktop applications. In this tool, Windows Forms is used to create the user interface for the Azure login, export, and import processes.
- Azure CLI: The Azure Command-Line Interface (CLI) is a set of commands used to create and manage Azure resources. This tool leverages Azure CLI commands to interact with Azure Key Vault for listing, exporting, and importing secrets.
- System.Drawing: A namespace within the .NET Framework that provides access to basic graphics functionality. It is used in this tool to handle graphical elements such as fonts, colors, and images within the Windows Forms interface for Azure login, export, and import processes.
Export Secrets
The export process involves exporting secrets from an Azure Key Vault to a JSON file. Follow these steps to perform the export:
- Check Azure Login Status:
  - The script checks if you are logged in to your Azure account using the CheckAzureLogin function.
  - If not logged in, a login form is displayed.
- Login To Azure:
  - Choose the login method (User Account or Service Principal) from the login form.
  - For User Account, click the “User Account” button and follow the login prompts.
  - For Service Principal, click the “Service Principal” button, enter the required details (SP Username, Secret, Tenant ID), and click “Login”.
- Select Export Operation:
  - After successful login, the ShowChoiceForm function displays a form to select the operation.
  - Select “Export Secrets” and click “Continue”.
- Main Export Form:
  - The ShowMainForm function displays the main export form.
  - Select the Azure subscription from the dropdown.
  - Select the Key Vault from the dropdown (populated based on the selected subscription).
  - Enter the export file name (must end with .json).
- Start Export:
  - Click the “Start Export” button to begin the export process.
  - The script fetches the secrets from the selected Key Vault and saves them to the specified JSON file.
  - A progress bar and status label provide feedback on the export progress.
  - Once the export is complete, a message box confirms the successful export.
Import Secrets
The import process involves importing secrets from a JSON file into an Azure Key Vault. Follow these steps to perform the import:
- Check Azure Login Status:
  - The script checks if you are logged in to your Azure account using the CheckAzureLogin function.
  - If not logged in, a login form is displayed.
- Login To Azure:
  - Choose the login method (User Account or Service Principal) from the login form.
  - For User Account, click the “User Account” button and follow the login prompts.
  - For Service Principal, click the “Service Principal” button, enter the required details (SP Username, Secret, Tenant ID), and click “Login”.
- Select Import Operation:
  - After successful login, the ShowChoiceForm function displays a form to select the operation.
  - Select “Import Secrets” and click “Continue”.
- Main Import Form:
  - The ShowImportForm function displays the main import form.
  - Select the Azure subscription from the dropdown.
  - Select the Key Vault from the dropdown (populated based on the selected subscription).
  - Click the “Browse” button to select the JSON file containing the secrets to be imported.
- Start Import:
  - Click the “Upload Secrets” button to begin the import process.
  - The script reads the secrets from the selected JSON file and uploads them to the specified Key Vault.
  - A progress bar and status label provide feedback on the import progress.
  - Once the import is complete, a message box confirms the successful import.
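A command-line sketch of the export and import steps above, written directly against the Azure CLI, as an added example that is not the tool's own source. The function names and the flat name-to-value JSON layout are assumptions; the page does not show the tool's file format.

```powershell
# Added example; not the tool's source. Function names and the flat
# {"secret-name": "value"} JSON layout are assumptions.
function Assert-AzLogin {
    az account show --output none 2>$null   # non-zero exit when not signed in
    if ($LASTEXITCODE -ne 0) { throw "Not logged in to Azure; run 'az login'." }
}

function Export-KvSecrets {
    param([Parameter(Mandatory)][string]$VaultName,
          [Parameter(Mandatory)][string]$FileName)
    if ($FileName -notlike '*.json') { throw 'Export file name must end with .json' }
    Assert-AzLogin
    # Disabled secrets cannot be read, so list only the enabled ones.
    $names = az keyvault secret list --vault-name $VaultName `
        --query '[?attributes.enabled].name' --output json | ConvertFrom-Json
    if ($LASTEXITCODE -ne 0) { throw "Could not list secrets in '$VaultName'." }
    $secrets = [ordered]@{}
    foreach ($name in $names) {
        $secrets[$name] = az keyvault secret show --vault-name $VaultName `
            --name $name --query value --output json | ConvertFrom-Json
        if ($LASTEXITCODE -ne 0) { throw "Could not read secret '$name'." }
    }
    # The file will hold plaintext secrets: restrict its ACL before writing.
    New-Item -ItemType File -Path $FileName -Force | Out-Null
    icacls $FileName /inheritance:r /grant:r "$($env:USERDOMAIN)\$($env:USERNAME):(R,W)" | Out-Null
    $secrets | ConvertTo-Json | Set-Content -Path $FileName -Encoding UTF8
}

function Import-KvSecrets {
    param([Parameter(Mandatory)][string]$VaultName,
          [Parameter(Mandatory)][string]$FileName)
    Assert-AzLogin
    $json = Get-Content -Path $FileName -Raw | ConvertFrom-Json
    foreach ($entry in $json.PSObject.Properties) {
        # Key Vault secret names: 1-127 characters, letters, digits and dashes.
        if ($entry.Name -notmatch '^[0-9a-zA-Z-]{1,127}$') {
            Write-Warning "Skipping invalid secret name '$($entry.Name)'"; continue
        }
        # Pass the value through a temp file so it never appears in az's arguments.
        $tmp = [IO.Path]::GetTempFileName()
        try {
            [IO.File]::WriteAllText($tmp, [string]$entry.Value)
            az keyvault secret set --vault-name $VaultName --name $entry.Name `
                --file $tmp --encoding utf-8 --output none
            if ($LASTEXITCODE -ne 0) { throw "Could not set '$($entry.Name)'." }
        } finally { Remove-Item -Path $tmp -Force }
    }
}
```

The export file is a plaintext copy of the vault's contents, so delete it once the secrets have been re-imported and keep it out of source control and shared folders.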
Conclusion
The Azure Key Vault – JSON Secrets Import/Export Tool provides a comprehensive and user-friendly interface for managing Azure Key Vault secrets. It allows users to seamlessly export secrets from an Azure Key Vault to a JSON file and import secrets from a JSON file into an Azure Key Vault.
By following the steps outlined in the documentation, users can efficiently manage their Azure Key Vault secrets using this tool. The script ensures a smooth and secure process for both exporting and importing secrets, making it a valuable utility for Azure administrators and developers.
Link to the Tool
Source link