azure-keyvault-keys-rust
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
About this skill
This skill empowers AI agents to securely manage cryptographic keys within Azure Key Vault using the Rust SDK. It facilitates the creation, retrieval, update, and deletion of various cryptographic key types, as well as performing sensitive operations like encryption, decryption, signing, and verification. By integrating with Azure Key Vault, it ensures that all key lifecycle management and cryptographic operations adhere to best practices for security, compliance, and auditing. Leveraging Rust's performance and memory safety, this skill is ideal for secure, high-performance applications. It's part of the 'antigravity-awesome-skills' collection, designed to extend an AI agent's ability to interact with external cloud services and perform complex security-related tasks.
Best use case
Automating cryptographic key management tasks in Azure Key Vault; Integrating secure digital signing and encryption capabilities into Rust applications; Generating Rust code for secure key creation and usage; Managing API keys, database credentials, or other sensitive secrets through Key Vault for Rust-based applications; Enhancing application security posture by offloading key management to a dedicated, secure service.
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
Successful creation, retrieval, update, or deletion of cryptographic keys in Azure Key Vault; Secure execution of encryption, decryption, signing, or verification operations using managed keys; Generated Rust code snippets demonstrating how to interact with Azure Key Vault Keys programmatically; Enhanced security posture for applications relying on managed keys, with operations logged and auditable.
Practical example
Example input
Using Rust, create a new RSA key named 'payment-service-signing-key' in Azure Key Vault with signing and verification capabilities. Then, sign the message 'transaction_data_123' using this key.
Example output
```rust
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::{KeyClient, CreateRsaKeyOptions, KeyOperations};
use base64;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
let credential = DeveloperToolsCredential::new(None)?;
let key_vault_url = std::env::var("AZURE_KEYVAULT_URL")
.expect("AZURE_KEYVAULT_URL must be set.");
let client = KeyClient::new(&key_vault_url, credential)?;
let key_name = "payment-service-signing-key";
let options = CreateRsaKeyOptions::default()
.key_operations(vec![KeyOperations::Sign, KeyOperations::Verify]);
let rsa_key = client.create_rsa_key(key_name, options).await?;
println!("Successfully created RSA key: {}", rsa_key.name());
let data_to_sign = b"transaction_data_123";
let sign_result = client.sign(
key_name,
rsa_key.key_id().unwrap(), // Or specify algorithm if needed
azure_security_keyvault_keys::SignatureAlgorithm::Rs256,
data_to_sign,
).await?;
println!("Signed data: {}", base64::encode(sign_result.result()));
Ok(())
}
```
(Output would typically include confirmation of key creation, the key's properties, and the resulting signature in base64 encoding.)When to use this skill
- When an AI agent needs to programmatically interact with Azure Key Vault to manage cryptographic keys for a Rust application or service; When security requirements demand centralized, secure storage, and management of keys; For automating key rotation, backup, recovery, or auditing processes; When developing or debugging Rust applications that rely on Azure Key Vault for robust cryptographic services; To secure communication, data at rest, or user authentication flows.
When not to use this skill
- For managing secrets (passwords, connection strings) directly – use Azure Key Vault Secrets SDK for those; For managing certificates – use Azure Key Vault Certificates SDK instead; When the application or service is not built with Rust; When an agent needs to perform key management in a cloud provider other than Azure; For simple, non-cryptographic data storage that doesn't require high-security key management features.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/azure-keyvault-keys-rust/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How azure-keyvault-keys-rust Compares
| Feature / Agent | azure-keyvault-keys-rust | Standard Approach |
|---|---|---|
| Platform Support | Claude | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | medium | N/A |
Frequently Asked Questions
What does this skill do?
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
Which AI agents support this skill?
This skill is designed for Claude.
How difficult is it to install?
The installation complexity is rated as medium. You can find the installation instructions above.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
Best AI Skills for Claude
Explore the best AI skills for Claude and Claude Code across coding, research, workflow automation, documentation, and agent operations.
AI Agents for Startups
Explore AI agent skills for startup validation, product research, growth experiments, documentation, and fast execution with small teams.
AI Agents for Coding
Browse AI agent skills for coding, debugging, testing, refactoring, code review, and developer workflows across Claude, Cursor, and Codex.
SKILL.md Source
# Azure Key Vault Keys SDK for Rust
Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.
## Installation
```sh
cargo add azure_security_keyvault_keys azure_identity
```
## Environment Variables
```bash
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
```
## Authentication
```rust
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::KeyClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = KeyClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
```
## Key Types
| Type | Description |
|------|-------------|
| RSA | RSA keys (2048, 3072, 4096 bits) |
| EC | Elliptic curve keys (P-256, P-384, P-521) |
| RSA-HSM | HSM-protected RSA keys |
| EC-HSM | HSM-protected EC keys |
## Core Operations
### Get Key
```rust
let key = client
.get_key("key-name", None)
.await?
.into_model()?;
println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));
```
### Create Key
```rust
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};
let params = CreateKeyParameters {
kty: KeyType::Rsa,
key_size: Some(2048),
..Default::default()
};
let key = client
.create_key("key-name", params.try_into()?, None)
.await?
.into_model()?;
```
### Create EC Key
```rust
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};
let params = CreateKeyParameters {
kty: KeyType::Ec,
curve: Some(CurveName::P256),
..Default::default()
};
let key = client
.create_key("ec-key", params.try_into()?, None)
.await?
.into_model()?;
```
### Delete Key
```rust
client.delete_key("key-name", None).await?;
```
### List Keys
```rust
use azure_security_keyvault_keys::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_key_properties(None)?.into_stream();
while let Some(key) = pager.try_next().await? {
let name = key.resource_id()?.name;
println!("Key: {}", name);
}
```
### Backup Key
```rust
let backup = client.backup_key("key-name", None).await?;
// Store backup.value safely
```
### Restore Key
```rust
use azure_security_keyvault_keys::models::RestoreKeyParameters;
let params = RestoreKeyParameters {
key_bundle_backup: backup_bytes,
};
client.restore_key(params.try_into()?, None).await?;
```
## Cryptographic Operations
Key Vault can perform crypto operations without exposing the private key:
```rust
// For cryptographic operations, use the key's operations
// Available operations depend on key type and permissions:
// - encrypt/decrypt (RSA)
// - sign/verify (RSA, EC)
// - wrapKey/unwrapKey (RSA)
```
## Best Practices
1. **Use Entra ID auth** — `DeveloperToolsCredential` for dev, `ManagedIdentityCredential` for production
2. **Use HSM keys for sensitive workloads** — hardware-protected keys
3. **Use EC for signing** — more efficient than RSA
4. **Use RSA for encryption** — when encrypting data
5. **Backup keys** — for disaster recovery
6. **Enable soft delete** — required for production vaults
7. **Use key rotation** — create new versions periodically
## RBAC Permissions
Assign these Key Vault roles:
- `Key Vault Crypto User` — use keys for crypto operations
- `Key Vault Crypto Officer` — full CRUD on keys
## Reference Links
| Resource | Link |
|----------|------|
| API Reference | https://docs.rs/azure_security_keyvault_keys |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys |
| crates.io | https://crates.io/crates/azure_security_keyvault_keys |
## When to Use
This skill is applicable to execute the workflow or actions described in the overview.Related Skills
microsoft-azure-webjobs-extensions-authentication-events-dotnet
Microsoft Entra Authentication Events SDK for .NET. Azure Functions triggers for custom authentication extensions.
azure-web-pubsub-ts
Real-time messaging with WebSocket connections and pub/sub patterns.
azure-storage-queue-ts
Azure Queue Storage JavaScript/TypeScript SDK (@azure/storage-queue) for message queue operations. Use for sending, receiving, peeking, and deleting messages in queues.
azure-storage-queue-py
Azure Queue Storage SDK for Python. Use for reliable message queuing, task distribution, and asynchronous processing.
azure-storage-file-share-ts
Azure File Share JavaScript/TypeScript SDK (@azure/storage-file-share) for SMB file share operations.
azure-storage-file-share-py
Azure Storage File Share SDK for Python. Use for SMB file shares, directories, and file operations in the cloud.
azure-storage-file-datalake-py
Azure Data Lake Storage Gen2 SDK for Python. Use for hierarchical file systems, big data analytics, and file/directory operations.
azure-storage-blob-ts
Azure Blob Storage JavaScript/TypeScript SDK (@azure/storage-blob) for blob operations. Use for uploading, downloading, listing, and managing blobs and containers.
azure-storage-blob-rust
Azure Blob Storage SDK for Rust. Use for uploading, downloading, and managing blobs and containers.
azure-storage-blob-py
Azure Blob Storage SDK for Python. Use for uploading, downloading, listing blobs, managing containers, and blob lifecycle.
azure-speech-to-text-rest-py
Azure Speech to Text REST API for short audio (Python). Use for simple speech recognition of audio files up to 60 seconds without the Speech SDK.
azure-servicebus-py
Azure Service Bus SDK for Python messaging. Use for queues, topics, subscriptions, and enterprise messaging patterns.