// Azure Key Vault Secrets library for Rust. Store and retrieve secrets, passwords, and API keys. Triggers: "keyvault secrets rust", "SecretClient rust", "get secret rust", "set secret rust", "list secrets rust".
Guide for creating effective skills for AI coding agents working with Azure SDKs and Microsoft Foundry services. Use when creating new skills or updating existing skills.
Azure Cosmos DB library for Rust (NoSQL API). Document CRUD, containers, and globally distributed data. Triggers: "cosmos db rust", "CosmosClient rust", "document crud rust", "NoSQL rust", "partition key rust".
Azure Event Hubs library for Rust. Send and receive events for streaming data ingestion and batch processing. Triggers: "event hubs rust", "ProducerClient rust", "ConsumerClient rust", "send event rust", "streaming rust", "eventhub rust".
Azure Identity library for Rust. Microsoft Entra ID authentication for all Azure SDK clients. Triggers: "azure identity rust", "DeveloperToolsCredential", "authentication rust", "managed identity rust", "credential rust", "Entra ID rust".
Azure Key Vault Certificates library for Rust. Create, manage, and use X.509 certificates including self-signed and CA-issued. Triggers: "keyvault certificates rust", "CertificateClient rust", "create certificate rust", "self-signed certificate rust", "X.509 rust".
Azure Key Vault Keys library for Rust. Create, manage, and use cryptographic keys including RSA, EC, and HSM-protected keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "wrap key rust", "sign rust".
| name | azure-keyvault-secrets-rust |
| description | Azure Key Vault Secrets library for Rust. Store and retrieve secrets, passwords, and API keys. Triggers: "keyvault secrets rust", "SecretClient rust", "get secret rust", "set secret rust", "list secrets rust". |
| license | MIT |
| metadata | {"author":"Microsoft","package":"azure_security_keyvault_secrets"} |
Secure storage for passwords, API keys, and connection strings.
Use this skill when:
IMPORTANT: Only use the official
azure_security_keyvault_secretscrate published by the azure-sdk crates.io user. Do NOT use unofficial or community crates. Official crates use underscores in names and none have version 0.21.0.
cargo add azure_security_keyvault_secrets azure_identity tokio futures
Do not add
azure_coredirectly toCargo.toml. It is re-exported byazure_security_keyvault_secrets.
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/ # Required for all operations
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
// Local dev: DeveloperToolsCredential. Production: use ManagedIdentityCredential.
let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
let secret = client
.get_secret("secret-name", None)
.await?
.into_model()?;
println!("Secret: {:?}", secret.value);
Ok(())
}
use azure_security_keyvault_secrets::{models::SetSecretParameters, ResourceExt};
let params = SetSecretParameters {
value: Some("secret-value".into()),
..Default::default()
};
let secret = client
.set_secret("secret-name", params.try_into()?, None)
.await?
.into_model()?;
println!(
"Name: {:?}, Version: {:?}",
secret.resource_id()?.name,
secret.resource_id()?.version
);
use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;
#[allow(clippy::needless_update)]
let params = UpdateSecretPropertiesParameters {
content_type: Some("text/plain".into()),
tags: Some(HashMap::from_iter(vec![(
"env".into(),
"prod".into(),
)])),
..Default::default()
};
client
.update_secret_properties("secret-name", params.try_into()?, None)
.await?
.into_model()?;
client.delete_secret("secret-name", None).await?;
list_secret_properties returns a Pager<T> — iterate items directly:
use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt as _;
let mut pager = client.list_secret_properties(None)?;
while let Some(secret) = pager.try_next().await? {
println!("Found: {}", secret.resource_id()?.name);
}
use azure_core::{error::ErrorKind, http::StatusCode};
match client.get_secret("secret-name", None).await {
Ok(response) => println!("Secret: {:?}", response.into_model()?.value),
Err(e) => match e.kind() {
ErrorKind::HttpResponse { status, error_code, .. }
if *status == StatusCode::NotFound =>
{
println!("Secret not found");
if let Some(code) = error_code {
println!("ErrorCode: {code}");
}
}
_ => println!("Error: {e:?}"),
},
}
For Entra ID auth, assign one of these roles:
| Role | Access |
|---|---|
Key Vault Secrets User | Read secrets |
Key Vault Secrets Officer | Full secret management |
DeveloperToolsCredential for local development and ManagedIdentityCredential for production. The Rust SDK does not support DefaultAzureCredential, so explicitly use the appropriate credential in each environment..into_model() for response conversion. When retrieving secrets, use .into_model()? to convert HTTP responses into typed secret objects.SecretClient is thread-safe; create once, share across tasks| Resource | Link |
|---|---|
| API Reference | https://docs.rs/azure_security_keyvault_secrets |
| crates.io | https://crates.io/crates/azure_security_keyvault_secrets |