azure-keyvault-certificates-rust
12
总安装量
12
周安装量
#27077
全站排名
安装命令
npx skills add https://github.com/sickn33/antigravity-awesome-skills --skill azure-keyvault-certificates-rust
Agent 安装分布
codex
12
openclaw
11
gemini-cli
11
antigravity
11
claude-code
11
cursor
11
Skill 文档
Azure Key Vault Certificates SDK for Rust
Client library for Azure Key Vault Certificates â secure storage and management of certificates.
Installation
cargo add azure_security_keyvault_certificates azure_identity
Environment Variables
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
Authentication
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_certificates::CertificateClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = CertificateClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
Core Operations
Get Certificate
use azure_core::base64;
let certificate = client
.get_certificate("certificate-name", None)
.await?
.into_model()?;
println!(
"Thumbprint: {:?}",
certificate.x509_thumbprint.map(base64::encode_url_safe)
);
Create Certificate
use azure_security_keyvault_certificates::models::{
CreateCertificateParameters, CertificatePolicy,
IssuerParameters, X509CertificateProperties,
};
let policy = CertificatePolicy {
issuer_parameters: Some(IssuerParameters {
name: Some("Self".into()),
..Default::default()
}),
x509_certificate_properties: Some(X509CertificateProperties {
subject: Some("CN=example.com".into()),
..Default::default()
}),
..Default::default()
};
let params = CreateCertificateParameters {
certificate_policy: Some(policy),
..Default::default()
};
let operation = client
.create_certificate("cert-name", params.try_into()?, None)
.await?;
Import Certificate
use azure_security_keyvault_certificates::models::ImportCertificateParameters;
let params = ImportCertificateParameters {
base64_encoded_certificate: Some(base64_cert_data),
password: Some("optional-password".into()),
..Default::default()
};
let certificate = client
.import_certificate("cert-name", params.try_into()?, None)
.await?
.into_model()?;
Delete Certificate
client.delete_certificate("certificate-name", None).await?;
List Certificates
use azure_security_keyvault_certificates::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_certificate_properties(None)?.into_stream();
while let Some(cert) = pager.try_next().await? {
let name = cert.resource_id()?.name;
println!("Certificate: {}", name);
}
Get Certificate Policy
let policy = client
.get_certificate_policy("certificate-name", None)
.await?
.into_model()?;
Update Certificate Policy
use azure_security_keyvault_certificates::models::UpdateCertificatePolicyParameters;
let params = UpdateCertificatePolicyParameters {
// Update policy properties
..Default::default()
};
client
.update_certificate_policy("cert-name", params.try_into()?, None)
.await?;
Certificate Lifecycle
- Create â generates new certificate with policy
- Import â import existing PFX/PEM certificate
- Get â retrieve certificate (public key only)
- Update â modify certificate properties
- Delete â soft delete (recoverable)
- Purge â permanent deletion
Best Practices
- Use Entra ID auth â
DeveloperToolsCredentialfor dev - Use managed certificates â auto-renewal with supported issuers
- Set proper validity period â balance security and maintenance
- Use certificate policies â define renewal and key properties
- Monitor expiration â set up alerts for expiring certificates
- Enable soft delete â required for production vaults
RBAC Permissions
Assign these Key Vault roles:
Key Vault Certificates Officerâ full CRUD on certificatesKey Vault Readerâ read certificate metadata
Reference Links
When to Use
This skill is applicable to execute the workflow or actions described in the overview.