scapilix/azure-keyvault-keys-rust
skills/skills/azure-keyvault-keys-rust/SKILL.md
Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
tools
Updated Apr 12, 2026
$ install --global
skillsauthnpx skillsauth add scapilix/lojadiana azure-keyvault-keys-rustInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Apr 4, 2026, 4:23 PM174.9s1 file scanned
SKILL.md
- name:
- azure-keyvault-keys-rust
- description:
- Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys. Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".
- risk:
- unknown
- source:
- community
- date_added:
- 2026-02-27
Azure Key Vault Keys SDK for Rust
Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.
Installation
cargo add azure_security_keyvault_keys azure_identity
Environment Variables
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
Authentication
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::KeyClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = KeyClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
Key Types
| Type | Description | |------|-------------| | RSA | RSA keys (2048, 3072, 4096 bits) | | EC | Elliptic curve keys (P-256, P-384, P-521) | | RSA-HSM | HSM-protected RSA keys | | EC-HSM | HSM-protected EC keys |
Core Operations
Get Key
let key = client
.get_key("key-name", None)
.await?
.into_model()?;
println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));
Create Key
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};
let params = CreateKeyParameters {
kty: KeyType::Rsa,
key_size: Some(2048),
..Default::default()
};
let key = client
.create_key("key-name", params.try_into()?, None)
.await?
.into_model()?;
Create EC Key
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};
let params = CreateKeyParameters {
kty: KeyType::Ec,
curve: Some(CurveName::P256),
..Default::default()
};
let key = client
.create_key("ec-key", params.try_into()?, None)
.await?
.into_model()?;
Delete Key
client.delete_key("key-name", None).await?;
List Keys
use azure_security_keyvault_keys::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_key_properties(None)?.into_stream();
while let Some(key) = pager.try_next().await? {
let name = key.resource_id()?.name;
println!("Key: {}", name);
}
Backup Key
let backup = client.backup_key("key-name", None).await?;
// Store backup.value safely
Restore Key
use azure_security_keyvault_keys::models::RestoreKeyParameters;
let params = RestoreKeyParameters {
key_bundle_backup: backup_bytes,
};
client.restore_key(params.try_into()?, None).await?;
Cryptographic Operations
Key Vault can perform crypto operations without exposing the private key:
// For cryptographic operations, use the key's operations
// Available operations depend on key type and permissions:
// - encrypt/decrypt (RSA)
// - sign/verify (RSA, EC)
// - wrapKey/unwrapKey (RSA)
Best Practices
- Use Entra ID auth —
DeveloperToolsCredentialfor dev,ManagedIdentityCredentialfor production - Use HSM keys for sensitive workloads — hardware-protected keys
- Use EC for signing — more efficient than RSA
- Use RSA for encryption — when encrypting data
- Backup keys — for disaster recovery
- Enable soft delete — required for production vaults
- Use key rotation — create new versions periodically
RBAC Permissions
Assign these Key Vault roles:
Key Vault Crypto User— use keys for crypto operationsKey Vault Crypto Officer— full CRUD on keys
Reference Links
| Resource | Link | |----------|------| | API Reference | https://docs.rs/azure_security_keyvault_keys | | Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys | | crates.io | https://crates.io/crates/azure_security_keyvault_keys |
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
Related Skills
scapilix/last30days
tools
VerifiedTrustedCommunity
Research a topic from the last 30 days on Reddit + X + Web, become an expert, and write copy-paste-ready prompts for the user's target tool.
SKILL.mdUpdated Apr 12, 2026
scapilix/laravel-security-audit
development
VerifiedTrustedCommunity
Security auditor for Laravel applications. Analyzes code for vulnerabilities, misconfigurations, and insecure practices using OWASP standards and Laravel security best practices.
SKILL.mdUpdated Apr 12, 2026
scapilix/laravel-expert
testing
VerifiedTrustedCommunity
Senior Laravel Engineer role for production-grade, maintainable, and idiomatic Laravel solutions. Focuses on clean architecture, security, performance, and modern standards (Laravel 10/11+).
SKILL.mdUpdated Apr 12, 2026
scapilix/langgraph
development
VerifiedTrustedCommunity
Expert in LangGraph - the production-grade framework for building stateful, multi-actor AI applications. Covers graph construction, state management, cycles and branches, persistence with checkpoin...
SKILL.mdUpdated Apr 12, 2026