Skill

azure-keyvault-keys-rust

Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".

From microsoft-azure-skills

Install

Run in your terminal

npx claudepluginhub jadecli/jadecli-claude-plugins --plugin microsoft-azure-skills

Tool Access

This skill uses the workspace's default tool permissions.

Supporting Assets

View in Repository

references/acceptance-criteria.md

Skill Content

Similar Skills

cache-components

Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.

cache-components

138.6k

claude-opus-4-5-migration

2 files

Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.

claude-opus-4-5-migration

83.2k

mem-search

Searches claude-mem's persistent cross-session memory database to retrieve past work. Uses 3-step MCP workflow: search index, timeline context, fetch selected details. For recalling prior solutions.

claude-mem

45.7k

Stats

Parent Repo Stars0

Parent Repo Forks0

Last CommitFeb 9, 2026

Actions

View Source View Plugin View on GitHub View README

Azure Key Vault Keys SDK for Rust

Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.

Installation

cargo add azure_security_keyvault_keys azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::KeyClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = KeyClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Key Types

Type	Description
RSA	RSA keys (2048, 3072, 4096 bits)
EC	Elliptic curve keys (P-256, P-384, P-521)
RSA-HSM	HSM-protected RSA keys
EC-HSM	HSM-protected EC keys

Core Operations

Get Key

let key = client
    .get_key("key-name", None)
    .await?
    .into_model()?;

println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));

Create Key

use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};

let params = CreateKeyParameters {
    kty: KeyType::Rsa,
    key_size: Some(2048),
    ..Default::default()
};

let key = client
    .create_key("key-name", params.try_into()?, None)
    .await?
    .into_model()?;

Create EC Key

use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};

let params = CreateKeyParameters {
    kty: KeyType::Ec,
    curve: Some(CurveName::P256),
    ..Default::default()
};

let key = client
    .create_key("ec-key", params.try_into()?, None)
    .await?
    .into_model()?;

Delete Key

client.delete_key("key-name", None).await?;

List Keys

use azure_security_keyvault_keys::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_key_properties(None)?.into_stream();
while let Some(key) = pager.try_next().await? {
    let name = key.resource_id()?.name;
    println!("Key: {}", name);
}

Backup Key

let backup = client.backup_key("key-name", None).await?;
// Store backup.value safely

Restore Key

use azure_security_keyvault_keys::models::RestoreKeyParameters;

let params = RestoreKeyParameters {
    key_bundle_backup: backup_bytes,
};

client.restore_key(params.try_into()?, None).await?;

Cryptographic Operations

Key Vault can perform crypto operations without exposing the private key:

// For cryptographic operations, use the key's operations
// Available operations depend on key type and permissions:
// - encrypt/decrypt (RSA)
// - sign/verify (RSA, EC)
// - wrapKey/unwrapKey (RSA)

Best Practices

Use Entra ID auth — DeveloperToolsCredential for dev, ManagedIdentityCredential for production
Use HSM keys for sensitive workloads — hardware-protected keys
Use EC for signing — more efficient than RSA
Use RSA for encryption — when encrypting data
Backup keys — for disaster recovery
Enable soft delete — required for production vaults
Use key rotation — create new versions periodically

RBAC Permissions

Assign these Key Vault roles:

Key Vault Crypto User — use keys for crypto operations
Key Vault Crypto Officer — full CRUD on keys

Reference Links

Resource	Link
API Reference	https://docs.rs/azure_security_keyvault_keys
Source Code	https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys
crates.io	https://crates.io/crates/azure_security_keyvault_keys