Skills
skills/sickn33/antigravity-awesome-skills/azure-keyvault-secrets-rust

azure-keyvault-secrets-rust

SKILL.md

Azure Key Vault Secrets SDK for Rust

Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.

Installation

cargo add azure_security_keyvault_secrets azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Core Operations

Get Secret

let secret = client
    .get_secret("secret-name", None)
    .await?
    .into_model()?;

println!("Secret value: {:?}", secret.value);

Set Secret

use azure_security_keyvault_secrets::models::SetSecretParameters;

let params = SetSecretParameters {
    value: Some("secret-value".into()),
    ..Default::default()
};

let secret = client
    .set_secret("secret-name", params.try_into()?, None)
    .await?
    .into_model()?;

Update Secret Properties

use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;

let params = UpdateSecretPropertiesParameters {
    content_type: Some("text/plain".into()),
    tags: Some(HashMap::from([("env".into(), "prod".into())])),
    ..Default::default()
};

client
    .update_secret_properties("secret-name", params.try_into()?, None)
    .await?;

Delete Secret

client.delete_secret("secret-name", None).await?;

List Secrets

use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_secret_properties(None)?.into_stream();
while let Some(secret) = pager.try_next().await? {
    let name = secret.resource_id()?.name;
    println!("Secret: {}", name);
}

Get Specific Version

use azure_security_keyvault_secrets::models::SecretClientGetSecretOptions;

let options = SecretClientGetSecretOptions {
    secret_version: Some("version-id".into()),
    ..Default::default()
};

let secret = client
    .get_secret("secret-name", Some(options))
    .await?
    .into_model()?;

Best Practices

  1. Use Entra ID authDeveloperToolsCredential for dev, ManagedIdentityCredential for production
  2. Use into_model()? — to deserialize responses
  3. Use ResourceExt trait — for extracting names from IDs
  4. Handle soft delete — deleted secrets can be recovered within retention period
  5. Set content type — helps identify secret format
  6. Use tags — for organizing and filtering secrets
  7. Version secrets — new values create new versions automatically

RBAC Permissions

Assign these Key Vault roles:

  • Key Vault Secrets User — get and list
  • Key Vault Secrets Officer — full CRUD

Reference Links

Resource Link
API Reference https://docs.rs/azure_security_keyvault_secrets
Source Code https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_secrets
crates.io https://crates.io/crates/azure_security_keyvault_secrets

When to Use

This skill is applicable to execute the workflow or actions described in the overview.

Weekly Installs
20
Repository
sickn33/antigra…e-skills
GitHub Stars
21.0K
First Seen
Feb 17, 2026
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
Installed on
codex20
openclaw19
gemini-cli19
antigravity19
claude-code19
github-copilot19