Add this skill

```sh
npx mdskills install sickn33/azure-keyvault-certificates-rust
```

Comprehensive Rust SDK reference with solid examples and lifecycle guidance

---
name: azure-keyvault-certificates-rust
description: |
  Azure Key Vault Certificates SDK for Rust. Use for creating, importing, and managing certificates.
  Triggers: "keyvault certificates rust", "CertificateClient rust", "create certificate rust", "import certificate rust".
package: azure_security_keyvault_certificates
---

# Azure Key Vault Certificates SDK for Rust

Client library for Azure Key Vault Certificates — secure storage and management of certificates.

## Installation

```sh
cargo add azure_security_keyvault_certificates azure_identity
```

## Environment Variables

```bash
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/
```

## Authentication

```rust
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_certificates::CertificateClient;

let credential = DeveloperToolsCredential::new(None)?;
let client = CertificateClient::new(
    "https://<vault-name>.vault.azure.net/",
    credential.clone(),
    None,
)?;
```

## Core Operations

### Get Certificate

```rust
use azure_core::base64;

let certificate = client
    .get_certificate("certificate-name", None)
    .await?
    .into_model()?;

println!(
    "Thumbprint: {:?}",
    certificate.x509_thumbprint.map(base64::encode_url_safe)
);
```

### Create Certificate

```rust
use azure_security_keyvault_certificates::models::{
    CreateCertificateParameters, CertificatePolicy,
    IssuerParameters, X509CertificateProperties,
};

let policy = CertificatePolicy {
    issuer_parameters: Some(IssuerParameters {
        name: Some("Self".into()),
        ..Default::default()
    }),
    x509_certificate_properties: Some(X509CertificateProperties {
        subject: Some("CN=example.com".into()),
        ..Default::default()
    }),
    ..Default::default()
};

let params = CreateCertificateParameters {
    certificate_policy: Some(policy),
    ..Default::default()
};

let operation = client
    .create_certificate("cert-name", params.try_into()?, None)
    .await?;
```

### Import Certificate

```rust
use azure_security_keyvault_certificates::models::ImportCertificateParameters;

let params = ImportCertificateParameters {
    base64_encoded_certificate: Some(base64_cert_data),
    password: Some("optional-password".into()),
    ..Default::default()
};

let certificate = client
    .import_certificate("cert-name", params.try_into()?, None)
    .await?
    .into_model()?;
```

### Delete Certificate

```rust
client.delete_certificate("certificate-name", None).await?;
```

### List Certificates

```rust
use azure_security_keyvault_certificates::ResourceExt;
use futures::TryStreamExt;

let mut pager = client.list_certificate_properties(None)?.into_stream();
while let Some(cert) = pager.try_next().await? {
    let name = cert.resource_id()?.name;
    println!("Certificate: {}", name);
}
```

### Get Certificate Policy

```rust
let policy = client
    .get_certificate_policy("certificate-name", None)
    .await?
    .into_model()?;
```

### Update Certificate Policy

```rust
use azure_security_keyvault_certificates::models::UpdateCertificatePolicyParameters;

let params = UpdateCertificatePolicyParameters {
    // Update policy properties
    ..Default::default()
};

client
    .update_certificate_policy("cert-name", params.try_into()?, None)
    .await?;
```

## Certificate Lifecycle

1. **Create** — generates new certificate with policy
2. **Import** — import existing PFX/PEM certificate
3. **Get** — retrieve certificate (public key only)
4. **Update** — modify certificate properties
5. **Delete** — soft delete (recoverable)
6. **Purge** — permanent deletion

## Best Practices

1. **Use Entra ID auth** — `DeveloperToolsCredential` for dev
2. **Use managed certificates** — auto-renewal with supported issuers
3. **Set proper validity period** — balance security and maintenance
4. **Use certificate policies** — define renewal and key properties
5. **Monitor expiration** — set up alerts for expiring certificates
6. **Enable soft delete** — required for production vaults

## RBAC Permissions

Assign these Key Vault roles:
- `Key Vault Certificates Officer` — full CRUD on certificates
- `Key Vault Reader` — read certificate metadata

## Reference Links

| Resource | Link |
|----------|------|
| API Reference | https://docs.rs/azure_security_keyvault_certificates |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_certificates |
| crates.io | https://crates.io/crates/azure_security_keyvault_certificates |
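
The Get Certificate snippet prints the thumbprint as base64url, while certificate inventories and pinning configurations usually record it as hex. The following added example (not part of the original skill or of the Azure SDK) decodes the printed form and compares it with a pinned hex value using only the standard library. The function names and the sample thumbprint are constructed for illustration, and it assumes the thumbprint is a 20-byte SHA-1 digest.

```rust
// Added example: standard library only, no Azure SDK calls.
// Assumption: the thumbprint is the 20-byte SHA-1 digest of the certificate.

/// Decode base64url (RFC 4648 section 5), padded or not. None on bad input.
fn decode_base64url(s: &str) -> Option<Vec<u8>> {
    let s = s.trim_end_matches('=');
    if s.len() % 4 == 1 { return None; } // impossible length for base64
    let mut out = Vec::with_capacity(s.len() * 3 / 4);
    let (mut acc, mut bits) = (0u32, 0u32);
    for c in s.bytes() {
        let v = match c {
            b'A'..=b'Z' => c - b'A',
            b'a'..=b'z' => c - b'a' + 26,
            b'0'..=b'9' => c - b'0' + 52,
            b'-' => 62,
            b'_' => 63,
            _ => return None, // '+' and '/' belong to the standard alphabet
        };
        acc = (acc << 6) | u32::from(v);
        bits += 6;
        if bits >= 8 {
            bits -= 8;
            out.push((acc >> bits) as u8);
            acc &= (1 << bits) - 1; // keep only the unread low bits
        }
    }
    Some(out)
}

/// Upper-case hex without separators.
fn to_hex(bytes: &[u8]) -> String {
    bytes.iter().map(|b| format!("{:02X}", b)).collect()
}

/// Compare a vault-reported thumbprint with a pinned hex value.
fn thumbprint_matches(x5t_b64url: &str, pinned_hex: &str) -> Result<bool, String> {
    let raw = decode_base64url(x5t_b64url).ok_or("thumbprint is not base64url")?;
    if raw.len() != 20 {
        return Err(format!("expected 20 bytes, got {}", raw.len()));
    }
    let pin: String = pinned_hex.chars().filter(|c| !matches!(c, ':' | ' ')).collect();
    Ok(to_hex(&raw) == pin.to_ascii_uppercase())
}

fn main() {
    // Constructed sample values, not taken from a real vault.
    let pinned = "66:6f:6f:62:61:72:66:6f:6f:62:61:72:66:6f:6f:62:61:72:fb:ff";
    println!("{:?}", thumbprint_matches("Zm9vYmFyZm9vYmFyZm9vYmFy-_8", pinned));
}
```

Treat an `Err` or `Ok(false)` result as a reason to stop and investigate before trusting the certificate, rather than falling back to an unpinned path.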