@lockzero/teams-app

@lockzero/teams-app

Microsoft Teams bot for LockZero — manage secrets, trigger rotations, and view provider health via Adaptive Cards.

Commands

Command	Description
@LockZero status	Adaptive Card with provider health table (🟢 healthy / 🟡 due / 🔴 overdue), with inline Rotate buttons
@LockZero list	Lists all providers with field counts
@LockZero rotate <namespace>	Sends a confirmation Adaptive Card; on confirm, executes rotation
@LockZero get <namespace[.FIELD]>	Sends secret value in a private 1:1 message — never posted to the channel

Security

• @LockZero get always creates/retrieves a 1:1 conversation with the requesting user and sends secrets there only
• Rotation requires clicking "Rotate Now" in the confirmation card, which has a separate cancel path
• Secrets are never included in channel replies or group messages

Setup

1. Create a Bot Framework registration

• Go to https://portal.azure.com → Azure Bot → Create
• Set messaging endpoint to https://<your-host>/api/messages
• Note your App ID and generate a Client Secret

2. Update the manifest

Replace "00000000-0000-0000-0000-000000000001" in manifest/manifest.json with your real Bot App ID.

3. Environment variables

Variable	Required	Description
MicrosoftAppId	Yes	Azure Bot App ID
MicrosoftAppPassword	Yes	Azure Bot client secret
LOCKZERO_API_KEY	Yes	From https://app.lockzero.io/settings/api-keys
LOCKZERO_BASE_URL	No	Defaults to https://api.lockzero.io
PORT	No	HTTP port, defaults to 3978

4. Run

npm install
npm run build
npm start

5. Sideload into Teams

• Zip the manifest/ folder contents (manifest.json + both icon PNGs)
• In Teams: Apps → Manage your apps → Upload a custom app
• Select your zip file

Icons

Replace manifest/color.png (192×192 px) and manifest/outline.png (32×32 px) with your LockZero logo variants before packaging.