azure-keyvault-secrets-rust

Sécurité & Conformité

|

Documentation

Azure Key Vault Secrets SDK for Rust

Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.

Installation

cargo add azure_security_keyvault_secrets azure_identity

Environment Variables

AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/

Authentication

use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;

Core Operations

Get Secret

let secret = client
    .get_secret("secret-name", None)
    .await?
    .into_model()?;

println!("Secret value: {:?}", secret.value);

Set Secret

use azure_security_keyvault_secrets::models::SetSecretParameters;

let params = SetSecretParameters {
    value: Some("secret-value".into()),
    ..Default::default()
};

let secret = client
    .set_secret("secret-name", params.try_into()?, None)
    .await?
    .into_model()?;

Update Secret Properties

use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;

let params = UpdateSecretPropertiesParameters {
    content_type: Some("text/plain".into()),
    tags: Some(HashMap::from([("env".into(), "prod".into())])),
    ..Default::default()
};

client
    .update_secret_properties("secret-name", params.try_into()?, None)
    .await?;

Delete Secret

client.delete_secret("secret-name", None).await?;

List Secrets

use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_secret_properties(None)?.into_stream();
while let Some(secret) = pager.try_next().await? {
    let name = secret.resource_id()?.name;
    println!("Secret: {}", name);
}

Get Specific Version

use azure_security_keyvault_secrets::models::SecretClientGetSecretOptions;

let options = SecretClientGetSecretOptions {
    secret_version: Some("version-id".into()),
    ..Default::default()
};

let secret = client
    .get_secret("secret-name", Some(options))
    .await?
    .into_model()?;

Best Practices

1.Use Entra ID authDeveloperToolsCredential for dev, ManagedIdentityCredential for production
2.Use into_model()? — to deserialize responses
3.Use ResourceExt trait — for extracting names from IDs
4.Handle soft delete — deleted secrets can be recovered within retention period
5.Set content type — helps identify secret format
6.Use tags — for organizing and filtering secrets
7.Version secrets — new values create new versions automatically

RBAC Permissions

Assign these Key Vault roles:

Key Vault Secrets User — get and list
Key Vault Secrets Officer — full CRUD

Reference Links

| Resource | Link |

|----------|------|

| API Reference | https://docs.rs/azure_security_keyvault_secrets |

| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_secrets |

| crates.io | https://crates.io/crates/azure_security_keyvault_secrets |

Compétences similaires

Explorez d'autres agents de la catégorie Sécurité & Conformité

Voir tout le catalogue

on-call-handoff-patterns

Master on-call shift handoffs with context transfer, escalation procedures, and documentation. Use when transitioning on-call responsibilities, documenting shift summaries, or improving on-call processes.

VOIR LA FICHE

error-diagnostics-error-analysis

"You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions."

VOIR LA FICHE

azure-keyvault-certificates-rust

|

VOIR LA FICHE
Utiliser l'Agent azure-keyvault-secrets-rust - Outil & Compétence IA | Skills Catalogue | Skills Catalogue