azure-keyvault-secrets-ts
Pass
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: SAFE
Full Analysis
- Secure Authentication Practices: The skill consistently recommends the use of DefaultAzureCredential from the @azure/identity package. This is a security best practice that allows applications to use Managed Identities in production and environment-based credentials in development, significantly reducing the risk of hardcoded secret exposure.
- Credential Exposure Mitigation: Both the main instructions and the acceptance criteria explicitly warn against hardcoding secrets or vault URLs. It provides clear guidance on using environment variables for configuration, aligning with secure software development principles.
- Official SDK Integration: All operations are performed using official, well-maintained Microsoft libraries (@azure/keyvault-secrets, @azure/keyvault-keys, and @azure/identity). Using these standard packages ensures that the skill leverages the latest security updates and official service integrations.
- Least Privilege and Data Lifecycle: The documentation includes guidance on setting expiration dates for secrets, enabling soft-delete protection, and implementing key rotation policies. These are critical defensive measures for maintaining a robust security posture in cloud environments.
Audit Metadata