azure-keyvault-keys-rust

Sécurité & Conformité

|

Documentation

Azure Key Vault Keys SDK for Rust

Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.

Installation

cargo add azure_security_keyvault_keys azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::KeyClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = KeyClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Key Types

| Type | Description |

|------|-------------|

| RSA | RSA keys (2048, 3072, 4096 bits) |

| EC | Elliptic curve keys (P-256, P-384, P-521) |

| RSA-HSM | HSM-protected RSA keys |

| EC-HSM | HSM-protected EC keys |

Core Operations

Get Key

let key = client
    .get_key("key-name", None)
    .await?
    .into_model()?;

println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));

Create Key

use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};

let params = CreateKeyParameters {
    kty: KeyType::Rsa,
    key_size: Some(2048),
    ..Default::default()
};

let key = client
    .create_key("key-name", params.try_into()?, None)
    .await?
    .into_model()?;

Create EC Key

use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};

let params = CreateKeyParameters {
    kty: KeyType::Ec,
    curve: Some(CurveName::P256),
    ..Default::default()
};

let key = client
    .create_key("ec-key", params.try_into()?, None)
    .await?
    .into_model()?;

Delete Key

client.delete_key("key-name", None).await?;

List Keys

use azure_security_keyvault_keys::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_key_properties(None)?.into_stream();
while let Some(key) = pager.try_next().await? {
    let name = key.resource_id()?.name;
    println!("Key: {}", name);
}

Backup Key

let backup = client.backup_key("key-name", None).await?;
// Store backup.value safely

Restore Key

use azure_security_keyvault_keys::models::RestoreKeyParameters;

let params = RestoreKeyParameters {
    key_bundle_backup: backup_bytes,
};

client.restore_key(params.try_into()?, None).await?;

Cryptographic Operations

Key Vault can perform crypto operations without exposing the private key:

// For cryptographic operations, use the key's operations
// Available operations depend on key type and permissions:
// - encrypt/decrypt (RSA)
// - sign/verify (RSA, EC)
// - wrapKey/unwrapKey (RSA)

Best Practices

1.Use Entra ID authDeveloperToolsCredential for dev, ManagedIdentityCredential for production
2.Use HSM keys for sensitive workloads — hardware-protected keys
3.Use EC for signing — more efficient than RSA
4.Use RSA for encryption — when encrypting data
5.Backup keys — for disaster recovery
6.Enable soft delete — required for production vaults
7.Use key rotation — create new versions periodically

RBAC Permissions

Assign these Key Vault roles:

Key Vault Crypto User — use keys for crypto operations
Key Vault Crypto Officer — full CRUD on keys

Reference Links

| Resource | Link |

|----------|------|

| API Reference | https://docs.rs/azure_security_keyvault_keys |

| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys |

| crates.io | https://crates.io/crates/azure_security_keyvault_keys |

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

SMTP Penetration Testing

This skill should be used when the user asks to "perform SMTP penetration testing", "enumerate email users", "test for open mail relays", "grab SMTP banners", "brute force email credentials", or "assess mail server security". It provides comprehensive techniques for testing SMTP server security.

VOIR LA FICHE

Active Directory Attacks

This skill should be used when the user asks to "attack Active Directory", "exploit AD", "Kerberoasting", "DCSync", "pass-the-hash", "BloodHound enumeration", "Golden Ticket", "Silver Ticket", "AS-REP roasting", "NTLM relay", or needs guidance on Windows domain penetration testing.

VOIR LA FICHE

security-compliance-compliance-check

"You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide implementation guidance."

VOIR LA FICHE
Utiliser l'Agent azure-keyvault-keys-rust - Outil & Compétence IA | Skills Catalogue | Skills Catalogue