Install
1
Install the plugin$
npx claudepluginhub microsoft/skills --plugin azure-sdk-rustWant just this skill?
Add to a custom plugin, then install with one command.
Description
Azure Identity SDK for Rust authentication. Use for DeveloperToolsCredential, ManagedIdentityCredential, ClientSecretCredential, and token-based authentication. Triggers: "azure-identity", "DeveloperToolsCredential", "authentication rust", "managed identity rust", "credential rust".
Tool Access
This skill uses the workspace's default tool permissions.
Skill Content
Azure Identity SDK for Rust
Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).
Installation
cargo add azure_identity
Environment Variables
# Service Principal (for production/CI)
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>
# User-assigned Managed Identity (optional)
AZURE_CLIENT_ID=<managed-identity-client-id>
DeveloperToolsCredential
The recommended credential for local development. Tries developer tools in order (Azure CLI, Azure Developer CLI):
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
"https://my-vault.vault.azure.net/",
credential.clone(),
None,
)?;
Credential Chain Order
| Order | Credential | Environment |
|---|---|---|
| 1 | AzureCliCredential | az login |
| 2 | AzureDeveloperCliCredential | azd auth login |
Credential Types
| Credential | Usage |
|---|---|
DeveloperToolsCredential | Local development - tries CLI tools |
ManagedIdentityCredential | Azure VMs, App Service, Functions, AKS |
WorkloadIdentityCredential | Kubernetes workload identity |
ClientSecretCredential | Service principal with secret |
ClientCertificateCredential | Service principal with certificate |
AzureCliCredential | Direct Azure CLI auth |
AzureDeveloperCliCredential | Direct azd CLI auth |
AzurePipelinesCredential | Azure Pipelines service connection |
ClientAssertionCredential | Custom assertions (federated identity) |
ManagedIdentityCredential
For Azure-hosted resources:
use azure_identity::ManagedIdentityCredential;
// System-assigned managed identity
let credential = ManagedIdentityCredential::new(None)?;
// User-assigned managed identity
let options = ManagedIdentityCredentialOptions {
client_id: Some("<user-assigned-mi-client-id>".into()),
..Default::default()
};
let credential = ManagedIdentityCredential::new(Some(options))?;
ClientSecretCredential
For service principal with secret:
use azure_identity::ClientSecretCredential;
let credential = ClientSecretCredential::new(
"<tenant-id>".into(),
"<client-id>".into(),
"<client-secret>".into(),
None,
)?;
Best Practices
- Use
DeveloperToolsCredentialfor local dev — automatically picks up Azure CLI - Use
ManagedIdentityCredentialin production — no secrets to manage - Clone credentials — credentials are
Arc-wrapped and cheap to clone - Reuse credential instances — same credential can be used with multiple clients
- Use
tokiofeature —cargo add azure_identity --features tokio
Reference Links
| Resource | Link |
|---|---|
| API Reference | https://docs.rs/azure_identity |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/identity/azure_identity |
| crates.io | https://crates.io/crates/azure_identity |
Stats
Stars1786
Forks192
Last CommitFeb 19, 2026
Actions