Manages Azure Key Vault secrets and keys using the @azure/keyvault-secrets SDK. Covers CRUD operations, key creation, and authentication.
How this skill is triggered — by the user, by Claude, or both
Slash command
/agentic-awesome-skills:azure-keyvault-secrets-tsThe summary Claude sees in its skill listing — used to decide when to auto-load this skill
Manage secrets with Azure Key Vault.
Manage secrets with Azure Key Vault.
# Secrets SDK
npm install @azure/keyvault-secrets @azure/identity
KEY_VAULT_URL=https://<vault-name>.vault.azure.net
# Or
AZURE_KEYVAULT_NAME=<vault-name>
import { DefaultAzureCredential } from "@azure/identity";
import { SecretClient } from "@azure/keyvault-secrets";
const credential = new DefaultAzureCredential();
const vaultUrl = `https://${process.env.AZURE_KEYVAULT_NAME}.vault.azure.net`;
const keyClient = new KeyClient(vaultUrl, credential);
const secretClient = new SecretClient(vaultUrl, credential);
const secret = await secretClient.setSecret("MySecret", "secret-value");
// With attributes
const secretWithAttrs = await secretClient.setSecret("MySecret", "value", {
enabled: true,
expiresOn: new Date("2025-12-31"),
contentType: "application/json",
tags: { environment: "production" }
});
// Get latest version
const secret = await secretClient.getSecret("MySecret");
console.log(secret.value);
// Get specific version
const specificSecret = await secretClient.getSecret("MySecret", {
version: secret.properties.version
});
for await (const secretProperties of secretClient.listPropertiesOfSecrets()) {
console.log(secretProperties.name);
}
// List versions
for await (const version of secretClient.listPropertiesOfSecretVersions("MySecret")) {
console.log(version.version);
}
// Soft delete
const deletePoller = await secretClient.beginDeleteSecret("MySecret");
await deletePoller.pollUntilDone();
// Purge (permanent)
await secretClient.purgeDeletedSecret("MySecret");
// Recover
const recoverPoller = await secretClient.beginRecoverDeletedSecret("MySecret");
await recoverPoller.pollUntilDone();
// Generic key
const key = await keyClient.createKey("MyKey", "RSA");
// RSA key with size
const rsaKey = await keyClient.createRsaKey("MyRsaKey", { keySize: 2048 });
// Elliptic Curve key
const ecKey = await keyClient.createEcKey("MyEcKey", { curve: "P-256" });
// With attributes
const keyWithAttrs = await keyClient.createKey("MyKey", "RSA", {
enabled: true,
expiresOn: new Date("2025-12-31"),
tags: { purpose: "encryption" },
keyOps: ["encrypt", "decrypt", "sign", "verify"]
});
const key = await keyClient.getKey("MyKey");
console.log(key.name, key.keyType);
for await (const keyProperties of keyClient.listPropertiesOfKeys()) {
console.log(keyProperties.name);
}
// Manual rotation
const rotatedKey = await keyClient.rotateKey("MyKey");
// Set rotation policy
await keyClient.updateKeyRotationPolicy("MyKey", {
lifetimeActions: [{ action: "Rotate", timeBeforeExpiry: "P30D" }],
expiresIn: "P90D"
});
const deletePoller = await keyClient.beginDeleteKey("MyKey");
await deletePoller.pollUntilDone();
// Purge
await keyClient.purgeDeletedKey("MyKey");
import { CryptographyClient } from "@azure/keyvault-keys";
// From key object
const cryptoClient = new CryptographyClient(key, credential);
// From key ID
const cryptoClient = new CryptographyClient(key.id!, credential);
// Encrypt
const encryptResult = await cryptoClient.encrypt({
algorithm: "RSA-OAEP",
plaintext: Buffer.from("My secret message")
});
// Decrypt
const decryptResult = await cryptoClient.decrypt({
algorithm: "RSA-OAEP",
ciphertext: encryptResult.result
});
console.log(decryptResult.result.toString());
import { createHash } from "node:crypto";
// Create digest
const hash = createHash("sha256").update("My message").digest();
// Sign
const signResult = await cryptoClient.sign("RS256", hash);
// Verify
const verifyResult = await cryptoClient.verify("RS256", hash, signResult.result);
console.log("Valid:", verifyResult.result);
// Wrap a key (encrypt it for storage)
const wrapResult = await cryptoClient.wrapKey("RSA-OAEP", Buffer.from("key-material"));
// Unwrap
const unwrapResult = await cryptoClient.unwrapKey("RSA-OAEP", wrapResult.result);
// Backup
const keyBackup = await keyClient.backupKey("MyKey");
const secretBackup = await secretClient.backupSecret("MySecret");
// Restore (can restore to different vault)
const restoredKey = await keyClient.restoreKeyBackup(keyBackup!);
const restoredSecret = await secretClient.restoreSecretBackup(secretBackup!);
import {
KeyClient,
KeyVaultKey,
KeyProperties,
DeletedKey,
CryptographyClient,
KnownEncryptionAlgorithms,
KnownSignatureAlgorithms
} from "@azure/keyvault-keys";
import {
SecretClient,
KeyVaultSecret,
SecretProperties,
DeletedSecret
} from "@azure/keyvault-secrets";
try {
const secret = await secretClient.getSecret("NonExistent");
} catch (error: any) {
if (error.code === "SecretNotFound") {
console.log("Secret does not exist");
} else {
throw error;
}
}
This skill is applicable to execute the workflow or actions described in the overview.
npx claudepluginhub franklyn-r-silva/antigravity-awesome-skills131plugins reuse this skill
First indexed Jun 3, 2026
Showing the 6 earliest of 131 plugins
Manages Azure Key Vault secrets and keys using the @azure/keyvault-secrets SDK. Covers CRUD operations, key creation, and authentication.
Manages secrets using Azure Key Vault Secrets SDK for JavaScript (@azure/keyvault-secrets). Use when storing and retrieving application secrets or configuration values.
Manages Azure Key Vault secrets, keys, and certificates via the Python SDK. Covers SecretClient, KeyClient, CertificateClient with DefaultAzureCredential and context managers.