angerdileklen/azure-keyvault-certificates-rust
skills/azure-keyvault-certificates-rust/SKILL.md
development
Updated Apr 4, 2026
$ install --global
skillsauthnpx skillsauth add angerdileklen/market-blind-spot azure-keyvault-certificates-rustInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 4:41 AM6.2s1 file scanned
SKILL.md
- name:
- azure-keyvault-certificates-rust
- description:
- |
- risk:
- unknown
- source:
- community
- date_added:
- 2026-02-27
Azure Key Vault Certificates SDK for Rust
Client library for Azure Key Vault Certificates — secure storage and management of certificates.
Installation
cargo add azure_security_keyvault_certificates azure_identity
Environment Variables
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
Authentication
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_certificates::CertificateClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = CertificateClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
Core Operations
Get Certificate
use azure_core::base64;
let certificate = client
.get_certificate("certificate-name", None)
.await?
.into_model()?;
println!(
"Thumbprint: {:?}",
certificate.x509_thumbprint.map(base64::encode_url_safe)
);
Create Certificate
use azure_security_keyvault_certificates::models::{
CreateCertificateParameters, CertificatePolicy,
IssuerParameters, X509CertificateProperties,
};
let policy = CertificatePolicy {
issuer_parameters: Some(IssuerParameters {
name: Some("Self".into()),
..Default::default()
}),
x509_certificate_properties: Some(X509CertificateProperties {
subject: Some("CN=example.com".into()),
..Default::default()
}),
..Default::default()
};
let params = CreateCertificateParameters {
certificate_policy: Some(policy),
..Default::default()
};
let operation = client
.create_certificate("cert-name", params.try_into()?, None)
.await?;
Import Certificate
use azure_security_keyvault_certificates::models::ImportCertificateParameters;
let params = ImportCertificateParameters {
base64_encoded_certificate: Some(base64_cert_data),
password: Some("optional-password".into()),
..Default::default()
};
let certificate = client
.import_certificate("cert-name", params.try_into()?, None)
.await?
.into_model()?;
Delete Certificate
client.delete_certificate("certificate-name", None).await?;
List Certificates
use azure_security_keyvault_certificates::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_certificate_properties(None)?.into_stream();
while let Some(cert) = pager.try_next().await? {
let name = cert.resource_id()?.name;
println!("Certificate: {}", name);
}
Get Certificate Policy
let policy = client
.get_certificate_policy("certificate-name", None)
.await?
.into_model()?;
Update Certificate Policy
use azure_security_keyvault_certificates::models::UpdateCertificatePolicyParameters;
let params = UpdateCertificatePolicyParameters {
// Update policy properties
..Default::default()
};
client
.update_certificate_policy("cert-name", params.try_into()?, None)
.await?;
Certificate Lifecycle
- Create — generates new certificate with policy
- Import — import existing PFX/PEM certificate
- Get — retrieve certificate (public key only)
- Update — modify certificate properties
- Delete — soft delete (recoverable)
- Purge — permanent deletion
Best Practices
- Use Entra ID auth —
DeveloperToolsCredentialfor dev - Use managed certificates — auto-renewal with supported issuers
- Set proper validity period — balance security and maintenance
- Use certificate policies — define renewal and key properties
- Monitor expiration — set up alerts for expiring certificates
- Enable soft delete — required for production vaults
RBAC Permissions
Assign these Key Vault roles:
Key Vault Certificates Officer— full CRUD on certificatesKey Vault Reader— read certificate metadata
Reference Links
| Resource | Link | |----------|------| | API Reference | https://docs.rs/azure_security_keyvault_certificates | | Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_certificates | | crates.io | https://crates.io/crates/azure_security_keyvault_certificates |
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
Related Skills
angerdileklen/bevy-ecs-expert
development
VerifiedTrustedCommunity
Master Bevy's Entity Component System (ECS) in Rust, covering Systems, Queries, Resources, and parallel scheduling.
SKILL.mdUpdated Apr 4, 2026
angerdileklen/behavioral-modes
development
VerifiedTrustedCommunity
AI operational modes (brainstorm, implement, debug, review, teach, ship, orchestrate). Use to adapt behavior based on task type.
SKILL.mdUpdated Apr 4, 2026
angerdileklen/beautiful-prose
data-ai
VerifiedTrustedCommunity
Hard-edged writing style contract for timeless, forceful English prose without AI tics
SKILL.mdUpdated Apr 4, 2026
angerdileklen/bazel-build-optimization
development
VerifiedTrustedCommunity
Optimize Bazel builds for large-scale monorepos. Use when configuring Bazel, implementing remote execution, or optimizing build performance for enterprise codebases.
SKILL.mdUpdated Apr 4, 2026