|
Add this skill
npx mdskills install sickn33/azure-keyvault-keys-rustWell-structured Rust SDK reference with clear code examples but lacks agent-specific instructions
1---2name: azure-keyvault-keys-rust3description: |4 Azure Key Vault Keys SDK for Rust. Use for creating, managing, and using cryptographic keys.5 Triggers: "keyvault keys rust", "KeyClient rust", "create key rust", "encrypt rust", "sign rust".6package: azure_security_keyvault_keys7---89# Azure Key Vault Keys SDK for Rust1011Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.1213## Installation1415```sh16cargo add azure_security_keyvault_keys azure_identity17```1819## Environment Variables2021```bash22AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/23```2425## Authentication2627```rust28use azure_identity::DeveloperToolsCredential;29use azure_security_keyvault_keys::KeyClient;3031let credential = DeveloperToolsCredential::new(None)?;32let client = KeyClient::new(33 "https://<vault-name>.vault.azure.net/",34 credential.clone(),35 None,36)?;37```3839## Key Types4041| Type | Description |42|------|-------------|43| RSA | RSA keys (2048, 3072, 4096 bits) |44| EC | Elliptic curve keys (P-256, P-384, P-521) |45| RSA-HSM | HSM-protected RSA keys |46| EC-HSM | HSM-protected EC keys |4748## Core Operations4950### Get Key5152```rust53let key = client54 .get_key("key-name", None)55 .await?56 .into_model()?;5758println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));59```6061### Create Key6263```rust64use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};6566let params = CreateKeyParameters {67 kty: KeyType::Rsa,68 key_size: Some(2048),69 ..Default::default()70};7172let key = client73 .create_key("key-name", params.try_into()?, None)74 .await?75 .into_model()?;76```7778### Create EC Key7980```rust81use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};8283let params = CreateKeyParameters {84 kty: KeyType::Ec,85 curve: Some(CurveName::P256),86 ..Default::default()87};8889let key = client90 .create_key("ec-key", params.try_into()?, None)91 .await?92 .into_model()?;93```9495### Delete Key9697```rust98client.delete_key("key-name", None).await?;99```100101### List Keys102103```rust104use azure_security_keyvault_keys::ResourceExt;105use futures::TryStreamExt;106107let mut pager = client.list_key_properties(None)?.into_stream();108while let Some(key) = pager.try_next().await? {109 let name = key.resource_id()?.name;110 println!("Key: {}", name);111}112```113114### Backup Key115116```rust117let backup = client.backup_key("key-name", None).await?;118// Store backup.value safely119```120121### Restore Key122123```rust124use azure_security_keyvault_keys::models::RestoreKeyParameters;125126let params = RestoreKeyParameters {127 key_bundle_backup: backup_bytes,128};129130client.restore_key(params.try_into()?, None).await?;131```132133## Cryptographic Operations134135Key Vault can perform crypto operations without exposing the private key:136137```rust138// For cryptographic operations, use the key's operations139// Available operations depend on key type and permissions:140// - encrypt/decrypt (RSA)141// - sign/verify (RSA, EC)142// - wrapKey/unwrapKey (RSA)143```144145## Best Practices1461471. **Use Entra ID auth** — `DeveloperToolsCredential` for dev, `ManagedIdentityCredential` for production1482. **Use HSM keys for sensitive workloads** — hardware-protected keys1493. **Use EC for signing** — more efficient than RSA1504. **Use RSA for encryption** — when encrypting data1515. **Backup keys** — for disaster recovery1526. **Enable soft delete** — required for production vaults1537. **Use key rotation** — create new versions periodically154155## RBAC Permissions156157Assign these Key Vault roles:158- `Key Vault Crypto User` — use keys for crypto operations159- `Key Vault Crypto Officer` — full CRUD on keys160161## Reference Links162163| Resource | Link |164|----------|------|165| API Reference | https://docs.rs/azure_security_keyvault_keys |166| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys |167| crates.io | https://crates.io/crates/azure_security_keyvault_keys |168
Full transparency — inspect the skill content before installing.