sahib-sawhney-wh/dapr-azure-integration
plugins/dapr/skills/azure-integration/SKILL.md
Configure Azure services as DAPR components with best practices. Supports Azure Cosmos DB, Service Bus, Key Vault, Blob Storage, Event Grid, and Container Apps. Automatically generates component YAML with managed identity support. Use when integrating Azure services or deploying to Azure.
$ install --global
skillsauthnpx skillsauth add sahib-sawhney-wh/sahibs-claude-plugin-marketplace dapr-azure-integrationInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 13, 2026, 2:05 AM207.7s1 file scanned
SKILL.md
- name:
- dapr-azure-integration
- description:
- Configure Azure services as DAPR components with best practices. Supports Azure Cosmos DB, Service Bus, Key Vault, Blob Storage, Event Grid, and Container Apps. Automatically generates component YAML with managed identity support. Use when integrating Azure services or deploying to Azure.
- allowed-tools:
- Read, Write, Grep, Glob, WebFetch
DAPR Azure Integration
This skill helps configure Azure services as DAPR components with production-ready configurations and managed identity support.
When to Use
Claude automatically uses this skill when:
- User mentions Azure services (Cosmos DB, Service Bus, etc.)
- Deploying DAPR apps to Azure Container Apps or AKS
- Setting up managed identity authentication
- Configuring Azure-specific DAPR components
Azure Component Configurations
Azure Cosmos DB (State Store)
Best for: Global distribution, strong consistency, document storage
# components/statestore-cosmosdb.yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: statestore
spec:
type: state.azure.cosmosdb
version: v1
metadata:
# Connection
- name: url
value: https://{account}.documents.azure.com:443/
- name: database
value: daprdb
- name: collection
value: state
# Authentication (Managed Identity - Recommended)
- name: azureClientId
value: "{managed-identity-client-id}"
# OR Connection String (Development only)
# - name: masterKey
# secretKeyRef:
# name: cosmos-secrets
# key: masterKey
# Performance settings
- name: actorStateStore
value: "true"
- name: partitionKey
value: "/partitionKey"
# Consistency
- name: consistencyLevel
value: "Strong" # or Session, Eventual
Prerequisites:
# Create Cosmos DB account
az cosmosdb create \
--name mycosmosaccount \
--resource-group myapp-rg \
--kind GlobalDocumentDB
# Create database and container
az cosmosdb sql database create \
--account-name mycosmosaccount \
--resource-group myapp-rg \
--name daprdb
az cosmosdb sql container create \
--account-name mycosmosaccount \
--resource-group myapp-rg \
--database-name daprdb \
--name state \
--partition-key-path /partitionKey
Azure Service Bus (Pub/Sub)
Best for: Enterprise messaging, ordered delivery, dead-letter support
# components/pubsub-servicebus.yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: pubsub
spec:
type: pubsub.azure.servicebus.topics
version: v1
metadata:
# Authentication (Managed Identity - Recommended)
- name: namespaceName
value: "{namespace}.servicebus.windows.net"
- name: azureClientId
value: "{managed-identity-client-id}"
# OR Connection String
# - name: connectionString
# secretKeyRef:
# name: servicebus-secrets
# key: connectionString
# Consumer settings
- name: consumerID
value: "{app-id}"
- name: maxActiveMessages
value: "100"
- name: maxConcurrentHandlers
value: "10"
- name: lockRenewalInSec
value: "60"
# Retry settings
- name: maxRetriableErrorsPerSec
value: "10"
- name: maxDeliveryCount
value: "10"
Prerequisites:
# Create Service Bus namespace
az servicebus namespace create \
--name myservicebus \
--resource-group myapp-rg \
--sku Standard
# Create topic
az servicebus topic create \
--namespace-name myservicebus \
--resource-group myapp-rg \
--name orders
Azure Key Vault (Secret Store)
Best for: Centralized secret management, rotation, HSM support
# components/secretstore-keyvault.yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: secretstore
spec:
type: secretstores.azure.keyvault
version: v1
metadata:
- name: vaultName
value: "{vault-name}"
# Authentication (Managed Identity - Recommended)
- name: azureClientId
value: "{managed-identity-client-id}"
# OR Service Principal
# - name: azureTenantId
# value: "{tenant-id}"
# - name: azureClientId
# value: "{client-id}"
# - name: azureClientSecret
# secretKeyRef:
# name: azure-sp
# key: client-secret
Prerequisites:
# Create Key Vault
az keyvault create \
--name myvault \
--resource-group myapp-rg \
--location eastus
# Grant managed identity access
az keyvault set-policy \
--name myvault \
--object-id {managed-identity-object-id} \
--secret-permissions get list
Azure Blob Storage (Binding)
Best for: File storage, large objects, cold storage
# components/binding-blobstorage.yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: blobstore
spec:
type: bindings.azure.blobstorage
version: v1
metadata:
- name: accountName
value: "{storage-account}"
- name: containerName
value: "{container-name}"
# Authentication (Managed Identity - Recommended)
- name: azureClientId
value: "{managed-identity-client-id}"
# OR Access Key
# - name: accountKey
# secretKeyRef:
# name: storage-secrets
# key: accountKey
# Settings
- name: decodeBase64
value: "false"
- name: getBlobRetryCount
value: "3"
Azure Event Grid (Binding)
Best for: Event routing, serverless triggers, multi-subscriber
# components/binding-eventgrid.yaml
apiVersion: dapr.io/v1alpha1
kind: Component
metadata:
name: eventgrid
spec:
type: bindings.azure.eventgrid
version: v1
metadata:
- name: tenantId
value: "{tenant-id}"
- name: subscriptionId
value: "{subscription-id}"
- name: resourceGroupName
value: "{resource-group}"
- name: subscriberEndpoint
value: "https://{app-url}/eventgrid"
- name: handshakePort
value: "8080"
- name: scope
value: "/subscriptions/{sub}/resourceGroups/{rg}"
# Authentication
- name: azureClientId
value: "{managed-identity-client-id}"
Managed Identity Setup
For Azure Container Apps
# 1. Create user-assigned managed identity
az identity create \
--name dapr-identity \
--resource-group myapp-rg
# 2. Get identity details
IDENTITY_ID=$(az identity show -n dapr-identity -g myapp-rg --query id -o tsv)
CLIENT_ID=$(az identity show -n dapr-identity -g myapp-rg --query clientId -o tsv)
# 3. Assign to Container App
az containerapp identity assign \
--name myapp \
--resource-group myapp-rg \
--user-assigned $IDENTITY_ID
# 4. Grant permissions to Azure resources
# Cosmos DB
az cosmosdb sql role assignment create \
--account-name mycosmosaccount \
--resource-group myapp-rg \
--principal-id $(az identity show -n dapr-identity -g myapp-rg --query principalId -o tsv) \
--role-definition-id "00000000-0000-0000-0000-000000000002"
# Service Bus
az role assignment create \
--assignee $CLIENT_ID \
--role "Azure Service Bus Data Sender" \
--scope /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ServiceBus/namespaces/{ns}
az role assignment create \
--assignee $CLIENT_ID \
--role "Azure Service Bus Data Receiver" \
--scope /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.ServiceBus/namespaces/{ns}
# Key Vault
az keyvault set-policy \
--name myvault \
--object-id $(az identity show -n dapr-identity -g myapp-rg --query principalId -o tsv) \
--secret-permissions get list
# Storage
az role assignment create \
--assignee $CLIENT_ID \
--role "Storage Blob Data Contributor" \
--scope /subscriptions/{sub}/resourceGroups/{rg}/providers/Microsoft.Storage/storageAccounts/{sa}
For AKS with Workload Identity
# 1. Enable OIDC and Workload Identity on AKS
az aks update \
--resource-group myapp-rg \
--name myaks \
--enable-oidc-issuer \
--enable-workload-identity
# 2. Get OIDC issuer
AKS_OIDC_ISSUER=$(az aks show -n myaks -g myapp-rg --query oidcIssuerProfile.issuerUrl -o tsv)
# 3. Create federated credential
az identity federated-credential create \
--name myapp-federated \
--identity-name dapr-identity \
--resource-group myapp-rg \
--issuer $AKS_OIDC_ISSUER \
--subject system:serviceaccount:default:myapp-sa
Container Apps DAPR Configuration
# Deploy with DAPR enabled
az containerapp create \
--name order-service \
--resource-group myapp-rg \
--environment myenv \
--image myregistry.azurecr.io/order-service:latest \
--target-port 8000 \
--ingress external \
--dapr-enabled \
--dapr-app-id order-service \
--dapr-app-port 8000 \
--user-assigned $IDENTITY_ID \
--env-vars "AZURE_CLIENT_ID=$CLIENT_ID"
# Add DAPR component
az containerapp env dapr-component set \
--name myenv \
--resource-group myapp-rg \
--dapr-component-name statestore \
--yaml ./components/statestore-cosmosdb.yaml
Best Practices
- Always use Managed Identity in production - never connection strings
- Scope components to specific apps when they contain sensitive data
- Use private endpoints for Azure services in production
- Enable diagnostic logging on all Azure resources
- Set appropriate consistency levels based on requirements
- Configure auto-scaling based on KEDA scalers
- Enable zone redundancy for high availability
Troubleshooting
Common Issues
"Unauthorized" errors:
- Check managed identity has correct RBAC roles
- Verify identity is assigned to the container app
- Ensure AZURE_CLIENT_ID env var is set
"Resource not found":
- Verify Azure resource exists
- Check resource names in component YAML
- Ensure correct subscription/resource group
Connection timeouts:
- Check VNet/firewall rules
- Verify private endpoint configuration
- Check DNS resolution
Related Skills
sahib-sawhney-wh/plugins/dataverse/skills/dataverse-web-apps
tools
VerifiedTrustedCommunity
# dataverse-web-apps This skill provides guidance on building web applications (any language) that connect to Microsoft Dataverse. Use when users ask about ".NET Dataverse", "Node.js Dataverse", "JavaScript Dataverse", "REST API Dataverse", "web app Dataverse", "OAuth Dataverse", or need help with web application integration. ## Dataverse Web API All languages can access Dataverse via the OData Web API. **Base URL:** `https://yourorg.api.crm.dynamics.com/api/data/v9.2/` ### Authentication
3SKILL.mdUpdated Apr 13, 2026
sahib-sawhney-wh/plugins/dataverse/skills/dataverse-sdk
tools
VerifiedTrustedCommunity
# dataverse-sdk This skill provides guidance on using the PowerPlatform Dataverse Client SDK for Python. Use when users ask about "Dataverse SDK", "Dataverse Python", "DataverseClient", "Dataverse authentication", "Dataverse CRUD operations", "create Dataverse records", "query Dataverse", "Dataverse connection", or need help with the Microsoft Dataverse Python SDK. ## Quick Start Install the SDK: ```bash pip install PowerPlatform-Dataverse-Client azure-identity ``` Basic setup: ```python fro
3SKILL.mdUpdated Apr 13, 2026
sahib-sawhney-wh/plugins/dataverse/skills/dataverse-schema-design
tools
VerifiedTrustedCommunity
# dataverse-schema-design This skill provides guidance on designing Dataverse table schemas and data models. Use when users ask about "Dataverse table design", "Dataverse schema", "Dataverse relationships", "Dataverse columns", "data modeling Dataverse", "Dataverse best practices", or need help designing their data structure. ## Table Design Fundamentals ### Naming Conventions - **Table prefix**: Use publisher prefix (e.g., `new_`, `cr123_`) - **Table names**: PascalCase, singular (e.g., `new
3SKILL.mdUpdated Apr 13, 2026
sahib-sawhney-wh/plugins/dataverse/skills/dataverse-queries
tools
VerifiedTrustedCommunity
# dataverse-queries This skill provides guidance on querying data from Microsoft Dataverse. Use when users ask about "Dataverse query", "OData filter", "Dataverse SQL", "FetchXML", "query Dataverse records", "Dataverse filter syntax", "search Dataverse", or need help constructing queries. ## Query Methods The Dataverse SDK supports two query methods: 1. **OData queries** - Standard Web API query syntax 2. **SQL queries** - T-SQL-like syntax (read-only) ## OData Query Basics ```python # Basi
3SKILL.mdUpdated Apr 13, 2026