azure-keyvault-keys-rust
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
Best use case
azure-keyvault-keys-rust is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
Teams using azure-keyvault-keys-rust should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/azure-keyvault-keys-rust/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How azure-keyvault-keys-rust Compares
| Feature / Agent | azure-keyvault-keys-rust | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Azure Key Vault Keys SDK for Rust
Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.
## Installation
```sh
cargo add azure_security_keyvault_keys azure_identity
```
## Environment Variables
```bash
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
```
## Authentication
```rust
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::KeyClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = KeyClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
```
## Key Types
| Type | Description |
|------|-------------|
| RSA | RSA keys (2048, 3072, 4096 bits) |
| EC | Elliptic curve keys (P-256, P-384, P-521) |
| RSA-HSM | HSM-protected RSA keys |
| EC-HSM | HSM-protected EC keys |
## Core Operations
### Get Key
```rust
let key = client
.get_key("key-name", None)
.await?
.into_model()?;
println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));
```
### Create Key
```rust
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};
let params = CreateKeyParameters {
kty: KeyType::Rsa,
key_size: Some(2048),
..Default::default()
};
let key = client
.create_key("key-name", params.try_into()?, None)
.await?
.into_model()?;
```
### Create EC Key
```rust
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};
let params = CreateKeyParameters {
kty: KeyType::Ec,
curve: Some(CurveName::P256),
..Default::default()
};
let key = client
.create_key("ec-key", params.try_into()?, None)
.await?
.into_model()?;
```
### Delete Key
```rust
client.delete_key("key-name", None).await?;
```
### List Keys
```rust
use azure_security_keyvault_keys::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_key_properties(None)?.into_stream();
while let Some(key) = pager.try_next().await? {
let name = key.resource_id()?.name;
println!("Key: {}", name);
}
```
### Backup Key
```rust
let backup = client.backup_key("key-name", None).await?;
// Store backup.value safely
```
### Restore Key
```rust
use azure_security_keyvault_keys::models::RestoreKeyParameters;
let params = RestoreKeyParameters {
key_bundle_backup: backup_bytes,
};
client.restore_key(params.try_into()?, None).await?;
```
## Cryptographic Operations
Key Vault can perform crypto operations without exposing the private key:
```rust
// For cryptographic operations, use the key's operations
// Available operations depend on key type and permissions:
// - encrypt/decrypt (RSA)
// - sign/verify (RSA, EC)
// - wrapKey/unwrapKey (RSA)
```
## Best Practices
1. **Use Entra ID auth** — `DeveloperToolsCredential` for dev, `ManagedIdentityCredential` for production
2. **Use HSM keys for sensitive workloads** — hardware-protected keys
3. **Use EC for signing** — more efficient than RSA
4. **Use RSA for encryption** — when encrypting data
5. **Backup keys** — for disaster recovery
6. **Enable soft delete** — required for production vaults
7. **Use key rotation** — create new versions periodically
## RBAC Permissions
Assign these Key Vault roles:
- `Key Vault Crypto User` — use keys for crypto operations
- `Key Vault Crypto Officer` — full CRUD on keys
## Reference Links
| Resource | Link |
|----------|------|
| API Reference | https://docs.rs/azure_security_keyvault_keys |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys |
| crates.io | https://crates.io/crates/azure_security_keyvault_keys |Related Skills
zero-trust-config-helper
Zero Trust Config Helper - Auto-activating skill for Security Advanced. Triggers on: zero trust config helper, zero trust config helper Part of the Security Advanced skill category.
azure-ml-deployer
Azure Ml Deployer - Auto-activating skill for ML Deployment. Triggers on: azure ml deployer, azure ml deployer Part of the ML Deployment skill category.
azure-verified-modules
Azure Verified Modules (AVM) requirements and best practices for developing certified Azure Terraform modules. Use when creating or reviewing Azure modules that need AVM certification.
azure-image-builder
Build Azure managed images and Azure Compute Gallery images with Packer. Use when creating custom images for Azure VMs.
terraform-azurerm-set-diff-analyzer
Analyze Terraform plan JSON output for AzureRM Provider to distinguish between false-positive diffs (order-only changes in Set-type attributes) and actual resource changes. Use when reviewing terraform plan output for Azure resources like Application Gateway, Load Balancer, Firewall, Front Door, NSG, and other resources with Set-type attributes that cause spurious diffs due to internal ordering changes.
rust-mcp-server-generator
Generate a complete Rust Model Context Protocol server project with tools, prompts, resources, and tests using the official rmcp SDK
azure-static-web-apps
Helps create, configure, and deploy Azure Static Web Apps using the SWA CLI. Use when deploying static sites to Azure, setting up SWA local development, configuring staticwebapp.config.json, adding Azure Functions APIs to SWA, or setting up GitHub Actions CI/CD for Static Web Apps.
azure-resource-health-diagnose
Analyze Azure resource health, diagnose issues from logs and telemetry, and create a remediation plan for identified problems.
azure-pricing
Fetches real-time Azure retail pricing using the Azure Retail Prices API (prices.azure.com) and estimates Copilot Studio agent credit consumption. Use when the user asks about the cost of any Azure service, wants to compare SKU prices, needs pricing data for a cost estimate, mentions Azure pricing, Azure costs, Azure billing, or asks about Copilot Studio pricing, Copilot Credits, or agent usage estimation. Covers compute, storage, networking, databases, AI, Copilot Studio, and all other Azure service families.
azure-devops-cli
Manage Azure DevOps resources via CLI including projects, repos, pipelines, builds, pull requests, work items, artifacts, and service endpoints. Use when working with Azure DevOps, az commands, devops automation, CI/CD, or when user mentions Azure DevOps CLI.
azure-deployment-preflight
Performs comprehensive preflight validation of Bicep deployments to Azure, including template syntax validation, what-if analysis, and permission checks. Use this skill before any deployment to Azure to preview changes, identify potential issues, and ensure the deployment will succeed. Activate when users mention deploying to Azure, validating Bicep files, checking deployment permissions, previewing infrastructure changes, running what-if, or preparing for azd provision.
ralph-tui-create-beads-rust
Convert PRDs to beads for ralph-tui execution using beads-rust (br CLI). Creates an epic with child beads for each user story. Use when you have a PRD and want to use ralph-tui with beads-rust as the task source. Triggers on: create beads, convert prd to beads, beads for ralph, ralph beads, br beads.