azure-identity-rust

Cloud, DevOps & Systèmes

|

Documentation

Azure Identity SDK for Rust

Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).

Installation

cargo add azure_identity

Environment Variables

# Service Principal (for production/CI)
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>

# User-assigned Managed Identity (optional)
AZURE_CLIENT_ID=<managed-identity-client-id>

DeveloperToolsCredential

The recommended credential for local development. Tries developer tools in order (Azure CLI, Azure Developer CLI):

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
    "https://my-vault.vault.azure.net/",
    credential.clone(),
    None,
)?;

Credential Chain Order

| Order | Credential | Environment |

|-------|-----------|-------------|

| 1 | AzureCliCredential | az login |

| 2 | AzureDeveloperCliCredential | azd auth login |

Credential Types

| Credential | Usage |

|------------|-------|

| DeveloperToolsCredential | Local development - tries CLI tools |

| ManagedIdentityCredential | Azure VMs, App Service, Functions, AKS |

| WorkloadIdentityCredential | Kubernetes workload identity |

| ClientSecretCredential | Service principal with secret |

| ClientCertificateCredential | Service principal with certificate |

| AzureCliCredential | Direct Azure CLI auth |

| AzureDeveloperCliCredential | Direct azd CLI auth |

| AzurePipelinesCredential | Azure Pipelines service connection |

| ClientAssertionCredential | Custom assertions (federated identity) |

ManagedIdentityCredential

For Azure-hosted resources:

use azure_identity::ManagedIdentityCredential;

// System-assigned managed identity
let credential = ManagedIdentityCredential::new(None)?;

// User-assigned managed identity
let options = ManagedIdentityCredentialOptions {
    client_id: Some("<user-assigned-mi-client-id>".into()),
    ..Default::default()
};
let credential = ManagedIdentityCredential::new(Some(options))?;

ClientSecretCredential

For service principal with secret:

use azure_identity::ClientSecretCredential;

let credential = ClientSecretCredential::new(
    "<tenant-id>".into(),
    "<client-id>".into(),
    "<client-secret>".into(),
    None,
)?;

Best Practices

1.Use DeveloperToolsCredential for local dev — automatically picks up Azure CLI
2.Use ManagedIdentityCredential in production — no secrets to manage
3.Clone credentials — credentials are Arc-wrapped and cheap to clone
4.Reuse credential instances — same credential can be used with multiple clients
5.Use tokio featurecargo add azure_identity --features tokio

Reference Links

| Resource | Link |

|----------|------|

| API Reference | https://docs.rs/azure_identity |

| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/identity/azure_identity |

| crates.io | https://crates.io/crates/azure_identity |

Compétences similaires

Explorez d'autres agents de la catégorie Cloud, DevOps & Systèmes

Voir tout le catalogue

aws-serverless

"Specialized skill for building production-ready serverless applications on AWS. Covers Lambda functions, API Gateway, DynamoDB, SQS/SNS event-driven patterns, SAM/CDK deployment, and cold start optimization."

VOIR LA FICHE

azure-ai-projects-java

|

VOIR LA FICHE

prometheus-configuration

Set up Prometheus for comprehensive metric collection, storage, and monitoring of infrastructure and applications. Use when implementing metrics collection, setting up monitoring infrastructure, or configuring alerting systems.

VOIR LA FICHE
Utiliser l'Agent azure-identity-rust - Outil & Compétence IA | Skills Catalogue | Skills Catalogue