OpenSkillIndex← back to search
claude-code

Marketplace azure-keyvault-secrets-rust

install
source · Clone the upstream repo
git clone https://github.com/aiskillstore/marketplace
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiskillstore/marketplace "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/sickn33/azure-keyvault-secrets-rust" ~/.claude/skills/aiskillstore-marketplace-azure-keyvault-secrets-rust && rm -rf "$T"
manifest: skills/sickn33/azure-keyvault-secrets-rust/SKILL.md
source content

Azure Key Vault Secrets SDK for Rust

Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.

Installation

cargo add azure_security_keyvault_secrets azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Core Operations

Get Secret

let secret = client
    .get_secret("secret-name", None)
    .await?
    .into_model()?;

println!("Secret value: {:?}", secret.value);

Set Secret

use azure_security_keyvault_secrets::models::SetSecretParameters;

let params = SetSecretParameters {
    value: Some("secret-value".into()),
    ..Default::default()
};

let secret = client
    .set_secret("secret-name", params.try_into()?, None)
    .await?
    .into_model()?;

Update Secret Properties

use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;

let params = UpdateSecretPropertiesParameters {
    content_type: Some("text/plain".into()),
    tags: Some(HashMap::from([("env".into(), "prod".into())])),
    ..Default::default()
};

client
    .update_secret_properties("secret-name", params.try_into()?, None)
    .await?;

Delete Secret

client.delete_secret("secret-name", None).await?;

List Secrets

use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_secret_properties(None)?.into_stream();
while let Some(secret) = pager.try_next().await? {
    let name = secret.resource_id()?.name;
    println!("Secret: {}", name);
}

Get Specific Version

use azure_security_keyvault_secrets::models::SecretClientGetSecretOptions;

let options = SecretClientGetSecretOptions {
    secret_version: Some("version-id".into()),
    ..Default::default()
};

let secret = client
    .get_secret("secret-name", Some(options))
    .await?
    .into_model()?;

Best Practices

  1. Use Entra ID auth
    DeveloperToolsCredential
    for dev, 
    ManagedIdentityCredential
    for production
  2. Use 
    into_model()?
     — to deserialize responses
  3. Use 
    ResourceExt
    trait     — for extracting names from IDs
  4. Handle soft delete — deleted secrets can be recovered within retention period
  5. Set content type — helps identify secret format
  6. Use tags — for organizing and filtering secrets
  7. Version secrets — new values create new versions automatically

RBAC Permissions

Assign these Key Vault roles:

  • Key Vault Secrets User
    — get and list
  • Key Vault Secrets Officer
    — full CRUD

Reference Links

ResourceLink
API Referencehttps://docs.rs/azure_security_keyvault_secrets
Source Codehttps://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_secrets
crates.iohttps://crates.io/crates/azure_security_keyvault_secrets