azure-keyvault-secrets-rust
Azure Key Vault Secrets SDK for Rust. Use for storing and retrieving secrets, passwords, and API keys. Triggers: "keyvault secrets rust", "SecretClient rust", "get secret rust", "set secret rust".
Documentation
Azure Key Vault Secrets SDK for Rust
Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets.
Installation
cargo add azure_security_keyvault_secrets azure_identity
Environment Variables
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
Authentication
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;
Core Operations
Get Secret
let secret = client
.get_secret("secret-name", None)
.await?
.into_model()?;
println!("Secret value: {:?}", secret.value);
Set Secret
use azure_security_keyvault_secrets::models::SetSecretParameters;
let params = SetSecretParameters {
value: Some("secret-value".into()),
..Default::default()
};
let secret = client
.set_secret("secret-name", params.try_into()?, None)
.await?
.into_model()?;
Update Secret Properties
use azure_security_keyvault_secrets::models::UpdateSecretPropertiesParameters;
use std::collections::HashMap;
let params = UpdateSecretPropertiesParameters {
content_type: Some("text/plain".into()),
tags: Some(HashMap::from([("env".into(), "prod".into())])),
..Default::default()
};
client
.update_secret_properties("secret-name", params.try_into()?, None)
.await?;
Delete Secret
client.delete_secret("secret-name", None).await?;
List Secrets
use azure_security_keyvault_secrets::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_secret_properties(None)?.into_stream();
while let Some(secret) = pager.try_next().await? {
let name = secret.resource_id()?.name;
println!("Secret: {}", name);
}
Get Specific Version
use azure_security_keyvault_secrets::models::SecretClientGetSecretOptions;
let options = SecretClientGetSecretOptions {
secret_version: Some("version-id".into()),
..Default::default()
};
let secret = client
.get_secret("secret-name", Some(options))
.await?
.into_model()?;
Best Practices
- Use Entra ID auth —
DeveloperToolsCredentialfor dev,ManagedIdentityCredentialfor production - Use
into_model()?— to deserialize responses - Use
ResourceExttrait — for extracting names from IDs - Handle soft delete — deleted secrets can be recovered within retention period
- Set content type — helps identify secret format
- Use tags — for organizing and filtering secrets
- Version secrets — new values create new versions automatically
RBAC Permissions
Assign these Key Vault roles:
Key Vault Secrets User— get and listKey Vault Secrets Officer— full CRUD
Reference Links
When to Use
This skill is applicable to execute the workflow or actions described in the overview.
Limitations
- Use this skill only when the task clearly matches the scope described above.
- Do not treat the output as a substitute for environment-specific validation, testing, or expert review.
- Stop and ask for clarification if required inputs, permissions, safety boundaries, or success criteria are missing.
Quick Info
- Source
- antigravity
- Category
- Development & Code Tools
- Repository
- View Repo
- Scraped At
- Feb 26, 2026
Tags
Related Skills
2d-games
2D game development principles. Sprites, tilemaps, physics, camera.
add_repo_inst
Please browse the current repository under /workspace/{{ REPO_FOLDER_NAME }}, look at the documentation and relevant code, and understand the purpose of this repository.
address_pr_comments
First, check the branch {{ BRANCH_NAME }} and read the diff against the main branch to understand the purpose.