Azure Key Vault Secrets SDK for Rust. Use for storing and retrieving secrets, passwords, and API keys. Triggers: "keyvault secrets rust", "SecretClient rust", "get secret rust", "set secret rust".

SKILL.md•azure-keyvault-secrets-rust

Azure Key Vault Secrets SDK for Rust

Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.

Installation

cargo add azure_security_keyvault_secrets azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Core Operations

Get Secret

let secret = client
    .get_secret("secret-name", None)
    .await?
    .into_model()?;

println!("Secret value: {:?}", secret.value);

Set Secret

use azure_security_keyvault_secrets::models::SetSecretParameters;

let params = SetSecretParameters {
    value: Some("secret-value".into()),
    ..Default::default()
};

let secret = client
    .set_secret("secret-name", params.try_into()?, None)
    .await?
    .into_model()?;

Update Secret Properties

use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;

let params = UpdateSecretPropertiesParameters {
    content_type: Some("text/plain".into()),
    tags: Some(HashMap::from([("env".into(), "prod".into())])),
    ..Default::default()
};

client
    .update_secret_properties("secret-name", params.try_into()?, None)
    .await?;

Delete Secret

client.delete_secret("secret-name", None).await?;

List Secrets

use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_secret_properties(None)?.into_stream();
while let Some(secret) = pager.try_next().await? {
    let name = secret.resource_id()?.name;
    println!("Secret: {}", name);
}

Get Specific Version

use azure_security_keyvault_secrets::models::SecretClientGetSecretOptions;

let options = SecretClientGetSecretOptions {
    secret_version: Some("version-id".into()),
    ..Default::default()
};

let secret = client
    .get_secret("secret-name", Some(options))
    .await?
    .into_model()?;

Best Practices

Use Entra ID auth — DeveloperToolsCredential for dev, ManagedIdentityCredential for production
Use into_model()? — to deserialize responses
Use ResourceExt trait — for extracting names from IDs
Handle soft delete — deleted secrets can be recovered within retention period
Set content type — helps identify secret format
Use tags — for organizing and filtering secrets
Version secrets — new values create new versions automatically

RBAC Permissions

Assign these Key Vault roles:

Key Vault Secrets User — get and list
Key Vault Secrets Officer — full CRUD

Reference Links

Resource	Link
API Reference	https://docs.rs/azure_security_keyvault_secrets
Source Code	https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_secrets
crates.io	https://crates.io/crates/azure_security_keyvault_secrets

When to Use

This skill is applicable to execute the workflow or actions described in the overview.

> azure-keyvault-secrets-rust

Azure Key Vault Secrets SDK for Rust

Installation

Environment Variables

Authentication

Core Operations

Get Secret

Set Secret

Update Secret Properties

Delete Secret

List Secrets

Get Specific Version

Best Practices

RBAC Permissions

Reference Links

When to Use

> related_skills --same-repo

> zustand-store-ts

> zoom-automation

> zoho-crm-automation

> zod-validation-expert

┌ stats

┌ repo