陌讯skills聚合平台

azure-keyvault-secrets-rust

📁 microsoft/skills 📅 8 days ago
0
总安装量
2
周安装量
#55865
全站排名
安装命令
npx skills add https://github.com/microsoft/skills --skill azure-keyvault-secrets-rust

Agent 安装分布

opencode 1
gemini-cli 1
claude-code 1
github-copilot 1
codex 1
kimi-cli 1

Skill 文档

Azure Key Vault Secrets SDK for Rust

Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.

Installation

cargo add azure_security_keyvault_secrets azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Core Operations

Get Secret

let secret = client
    .get_secret("secret-name", None)
    .await?
    .into_model()?;

println!("Secret value: {:?}", secret.value);

Set Secret

use azure_security_keyvault_secrets::models::SetSecretParameters;

let params = SetSecretParameters {
    value: Some("secret-value".into()),
    ..Default::default()
};

let secret = client
    .set_secret("secret-name", params.try_into()?, None)
    .await?
    .into_model()?;

Update Secret Properties

use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;

let params = UpdateSecretPropertiesParameters {
    content_type: Some("text/plain".into()),
    tags: Some(HashMap::from([("env".into(), "prod".into())])),
    ..Default::default()
};

client
    .update_secret_properties("secret-name", params.try_into()?, None)
    .await?;

Delete Secret

client.delete_secret("secret-name", None).await?;

List Secrets

use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_secret_properties(None)?.into_stream();
while let Some(secret) = pager.try_next().await? {
    let name = secret.resource_id()?.name;
    println!("Secret: {}", name);
}

Get Specific Version

use azure_security_keyvault_secrets::models::SecretClientGetSecretOptions;

let options = SecretClientGetSecretOptions {
    secret_version: Some("version-id".into()),
    ..Default::default()
};

let secret = client
    .get_secret("secret-name", Some(options))
    .await?
    .into_model()?;

Best Practices

  1. Use Entra ID auth — DeveloperToolsCredential for dev, ManagedIdentityCredential for production
  2. Use into_model()? — to deserialize responses
  3. Use ResourceExt trait — for extracting names from IDs
  4. Handle soft delete — deleted secrets can be recovered within retention period
  5. Set content type — helps identify secret format
  6. Use tags — for organizing and filtering secrets
  7. Version secrets — new values create new versions automatically

RBAC Permissions

Assign these Key Vault roles:

  • Key Vault Secrets User — get and list
  • Key Vault Secrets Officer — full CRUD

Reference Links

Resource Link
API Reference https://docs.rs/azure_security_keyvault_secrets
Source Code https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_secrets
crates.io https://crates.io/crates/azure_security_keyvault_secrets
GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台
本页面由 陌讯 Skills 聚合平台 收录整理,数据定期更新。