// Azure Identity library for Rust. Microsoft Entra ID authentication for all Azure SDK clients. Triggers: "azure identity rust", "DeveloperToolsCredential", "authentication rust", "managed identity rust", "credential rust", "Entra ID rust".
Guide for creating effective skills for AI coding agents working with Azure SDKs and Microsoft Foundry services. Use when creating new skills or updating existing skills.
Azure Cosmos DB library for Rust (NoSQL API). Document CRUD, containers, and globally distributed data. Triggers: "cosmos db rust", "CosmosClient rust", "document crud rust", "NoSQL rust", "partition key rust".
Azure Event Hubs library for Rust. Send and receive events for streaming data ingestion and batch processing. Triggers: "event hubs rust", "ProducerClient rust", "ConsumerClient rust", "send event rust", "streaming rust", "eventhub rust".
Azure Key Vault Certificates library for Rust. Create, manage, and use X.509 certificates including self-signed and CA-issued. Triggers: "keyvault certificates rust", "CertificateClient rust", "create certificate rust", "self-signed certificate rust", "X.509 rust".
Azure Key Vault Keys library for Rust. Create, manage, and use cryptographic keys including RSA, EC, and HSM-protected keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "wrap key rust", "sign rust".
Azure Key Vault Secrets library for Rust. Store and retrieve secrets, passwords, and API keys. Triggers: "keyvault secrets rust", "SecretClient rust", "get secret rust", "set secret rust", "list secrets rust".
| name | azure-identity-rust |
| description | Azure Identity library for Rust. Microsoft Entra ID authentication for all Azure SDK clients. Triggers: "azure identity rust", "DeveloperToolsCredential", "authentication rust", "managed identity rust", "credential rust", "Entra ID rust". |
| license | MIT |
| metadata | {"author":"Microsoft","package":"azure_identity"} |
Microsoft Entra ID authentication for Azure SDK clients.
Use this skill when:
DeveloperToolsCredential for local developmentManagedIdentityCredential for Azure-hosted workloadsIMPORTANT: Only use official
azure_*crates published by the azure-sdk crates.io user. Do NOT use the deprecatedazure_sdk_*crates (MindFlavor/AzureSDKForRust) or community crates. Official crates use underscores in names and none have version 0.21.0.
Note: The Rust SDK does not have
DefaultAzureCredential. UseDeveloperToolsCredentialfor local development andManagedIdentityCredentialfor production.
cargo add azure_identity tokio
Do not add
azure_coredirectly toCargo.toml. It is re-exported by service crates.
AZURE_TENANT_ID=<your-tenant-id> # Required for service principal auth
AZURE_CLIENT_ID=<your-client-id> # Required for service principal or user-assigned managed identity
AZURE_CLIENT_SECRET=<your-client-secret> # Required for ClientSecretCredential
Tries Azure CLI then Azure Developer CLI:
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;
#[tokio::main]
async fn main() -> Result<(), Box<dyn std::error::Error>> {
// Local dev: DeveloperToolsCredential. Production: use ManagedIdentityCredential.
let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
let secret = client.get_secret("secret-name", None).await?.into_model()?;
println!("Secret: {:?}", secret.value);
Ok(())
}
Ensure you are logged in:
az login # Azure CLI
azd auth login # or Azure Developer CLI
| Order | Credential | Login Command |
|---|---|---|
| 1 | AzureCliCredential | az login |
| 2 | AzureDeveloperCliCredential | azd auth login |
For Azure-hosted resources (VMs, App Service, Functions, AKS):
use azure_identity::ManagedIdentityCredential;
// System-assigned managed identity
let credential = ManagedIdentityCredential::new(None)?;
// User-assigned managed identity
let options = ManagedIdentityCredentialOptions {
client_id: Some("<managed-identity-client-id>".into()),
..Default::default()
};
let credential = ManagedIdentityCredential::new(Some(options))?;
For CI/CD pipelines and service accounts:
use azure_identity::ClientSecretCredential;
let credential = ClientSecretCredential::new(
"<tenant-id>",
"<client-id>",
"<client-secret>",
None,
)?;
| Credential | Use Case |
|---|---|
DeveloperToolsCredential | Local development — tries CLI tools |
ManagedIdentityCredential | Azure VMs, App Service, Functions, AKS |
WorkloadIdentityCredential | Kubernetes workload identity |
ClientSecretCredential | Service principal with secret |
ClientCertificateCredential | Service principal with certificate |
AzureCliCredential | Direct Azure CLI auth |
AzureDeveloperCliCredential | Direct azd CLI auth |
AzurePipelinesCredential | Azure Pipelines service connection |
ClientAssertionCredential | Custom assertions (federated identity) |
DeveloperToolsCredential for local development and ManagedIdentityCredential for production. The Rust SDK does not support DefaultAzureCredential, so explicitly use the appropriate credential in each environment.credential.clone() when constructing multiple clients; credentials are Arc-wrapped and thread-safe| Resource | Link |
|---|---|
| API Reference | https://docs.rs/azure_identity |
| crates.io | https://crates.io/crates/azure_identity |