How do I install Azure Keyvault Keys Ts?

Install Azure Keyvault Keys Ts with a single command: npx mdskills install sickn33/azure-keyvault-keys-ts. This downloads the skill files into your project and your AI agent picks them up automatically.

What platforms support Azure Keyvault Keys Ts?

Azure Keyvault Keys Ts works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Codex, Gemini Cli, Amp, Roo Code, Goose, Opencode, Trae, Qodo, Command Code. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.

← Back to skills

Azure Keyvault Keys Ts

Name: Azure Keyvault Keys Ts: AI Agent Skill
Rating: 7 (1 reviews)
Author: sickn33

Verified

Intermediate

Manage cryptographic keys using Azure Key Vault Keys SDK for JavaScript (@azure/keyvault-keys). Use when creating, encrypting/decrypting, signing, or rotating keys.

by @sickn330Updated 2 weeks ago

Add this skill

npx mdskills install sickn33/azure-keyvault-keys-ts

Fork & Edit

Skill Advisor7.0

Comprehensive reference with strong code examples and cryptographic operation coverage.

+Provides clear, actionable code examples for all key operations and crypto functions
+Covers advanced features like key rotation, backup/restore, and wrap/unwrap
+Includes proper error handling patterns and security best practices
-Mixes secrets operations despite focusing on keys SDK, creating scope confusion
-Lacks trigger conditions for when an agent should use this skill

SKILL.md

Edit in Browser

1---
2name: azure-keyvault-keys-ts
3description: Manage cryptographic keys using Azure Key Vault Keys SDK for JavaScript (@azure/keyvault-keys). Use when creating, encrypting/decrypting, signing, or rotating keys.
4package: "@azure/keyvault-keys"
5---
6 
7# Azure Key Vault Keys SDK for TypeScript
8 
9Manage cryptographic keys with Azure Key Vault.
10 
11## Installation
12 
13```bash
14# Keys SDK
15npm install @azure/keyvault-keys @azure/identity
16```
17 
18## Environment Variables
19 
20```bash
21KEY_VAULT_URL=https://<vault-name>.vault.azure.net
22# Or
23AZURE_KEYVAULT_NAME=<vault-name>
24```
25 
26## Authentication
27 
28```typescript
29import { DefaultAzureCredential } from "@azure/identity";
30import { KeyClient, CryptographyClient } from "@azure/keyvault-keys";
31 
32const credential = new DefaultAzureCredential();
33const vaultUrl = `https://${process.env.AZURE_KEYVAULT_NAME}.vault.azure.net`;
34 
35const keyClient = new KeyClient(vaultUrl, credential);
36const secretClient = new SecretClient(vaultUrl, credential);
37```
38 
39## Secrets Operations
40 
41### Create/Set Secret
42 
43```typescript
44const secret = await secretClient.setSecret("MySecret", "secret-value");
45 
46// With attributes
47const secretWithAttrs = await secretClient.setSecret("MySecret", "value", {
48  enabled: true,
49  expiresOn: new Date("2025-12-31"),
50  contentType: "application/json",
51  tags: { environment: "production" }
52});
53```
54 
55### Get Secret
56 
57```typescript
58// Get latest version
59const secret = await secretClient.getSecret("MySecret");
60console.log(secret.value);
61 
62// Get specific version
63const specificSecret = await secretClient.getSecret("MySecret", {
64  version: secret.properties.version
65});
66```
67 
68### List Secrets
69 
70```typescript
71for await (const secretProperties of secretClient.listPropertiesOfSecrets()) {
72  console.log(secretProperties.name);
73}
74 
75// List versions
76for await (const version of secretClient.listPropertiesOfSecretVersions("MySecret")) {
77  console.log(version.version);
78}
79```
80 
81### Delete Secret
82 
83```typescript
84// Soft delete
85const deletePoller = await secretClient.beginDeleteSecret("MySecret");
86await deletePoller.pollUntilDone();
87 
88// Purge (permanent)
89await secretClient.purgeDeletedSecret("MySecret");
90 
91// Recover
92const recoverPoller = await secretClient.beginRecoverDeletedSecret("MySecret");
93await recoverPoller.pollUntilDone();
94```
95 
96## Keys Operations
97 
98### Create Keys
99 
100```typescript
101// Generic key
102const key = await keyClient.createKey("MyKey", "RSA");
103 
104// RSA key with size
105const rsaKey = await keyClient.createRsaKey("MyRsaKey", { keySize: 2048 });
106 
107// Elliptic Curve key
108const ecKey = await keyClient.createEcKey("MyEcKey", { curve: "P-256" });
109 
110// With attributes
111const keyWithAttrs = await keyClient.createKey("MyKey", "RSA", {
112  enabled: true,
113  expiresOn: new Date("2025-12-31"),
114  tags: { purpose: "encryption" },
115  keyOps: ["encrypt", "decrypt", "sign", "verify"]
116});
117```
118 
119### Get Key
120 
121```typescript
122const key = await keyClient.getKey("MyKey");
123console.log(key.name, key.keyType);
124```
125 
126### List Keys
127 
128```typescript
129for await (const keyProperties of keyClient.listPropertiesOfKeys()) {
130  console.log(keyProperties.name);
131}
132```
133 
134### Rotate Key
135 
136```typescript
137// Manual rotation
138const rotatedKey = await keyClient.rotateKey("MyKey");
139 
140// Set rotation policy
141await keyClient.updateKeyRotationPolicy("MyKey", {
142  lifetimeActions: [{ action: "Rotate", timeBeforeExpiry: "P30D" }],
143  expiresIn: "P90D"
144});
145```
146 
147### Delete Key
148 
149```typescript
150const deletePoller = await keyClient.beginDeleteKey("MyKey");
151await deletePoller.pollUntilDone();
152 
153// Purge
154await keyClient.purgeDeletedKey("MyKey");
155```
156 
157## Cryptographic Operations
158 
159### Create CryptographyClient
160 
161```typescript
162import { CryptographyClient } from "@azure/keyvault-keys";
163 
164// From key object
165const cryptoClient = new CryptographyClient(key, credential);
166 
167// From key ID
168const cryptoClient = new CryptographyClient(key.id!, credential);
169```
170 
171### Encrypt/Decrypt
172 
173```typescript
174// Encrypt
175const encryptResult = await cryptoClient.encrypt({
176  algorithm: "RSA-OAEP",
177  plaintext: Buffer.from("My secret message")
178});
179 
180// Decrypt
181const decryptResult = await cryptoClient.decrypt({
182  algorithm: "RSA-OAEP",
183  ciphertext: encryptResult.result
184});
185 
186console.log(decryptResult.result.toString());
187```
188 
189### Sign/Verify
190 
191```typescript
192import { createHash } from "node:crypto";
193 
194// Create digest
195const hash = createHash("sha256").update("My message").digest();
196 
197// Sign
198const signResult = await cryptoClient.sign("RS256", hash);
199 
200// Verify
201const verifyResult = await cryptoClient.verify("RS256", hash, signResult.result);
202console.log("Valid:", verifyResult.result);
203```
204 
205### Wrap/Unwrap Keys
206 
207```typescript
208// Wrap a key (encrypt it for storage)
209const wrapResult = await cryptoClient.wrapKey("RSA-OAEP", Buffer.from("key-material"));
210 
211// Unwrap
212const unwrapResult = await cryptoClient.unwrapKey("RSA-OAEP", wrapResult.result);
213```
214 
215## Backup and Restore
216 
217```typescript
218// Backup
219const keyBackup = await keyClient.backupKey("MyKey");
220const secretBackup = await secretClient.backupSecret("MySecret");
221 
222// Restore (can restore to different vault)
223const restoredKey = await keyClient.restoreKeyBackup(keyBackup!);
224const restoredSecret = await secretClient.restoreSecretBackup(secretBackup!);
225```
226 
227## Key Types
228 
229```typescript
230import {
231  KeyClient,
232  KeyVaultKey,
233  KeyProperties,
234  DeletedKey,
235  CryptographyClient,
236  KnownEncryptionAlgorithms,
237  KnownSignatureAlgorithms
238} from "@azure/keyvault-keys";
239 
240import {
241  SecretClient,
242  KeyVaultSecret,
243  SecretProperties,
244  DeletedSecret
245} from "@azure/keyvault-secrets";
246```
247 
248## Error Handling
249 
250```typescript
251try {
252  const secret = await secretClient.getSecret("NonExistent");
253} catch (error: any) {
254  if (error.code === "SecretNotFound") {
255    console.log("Secret does not exist");
256  } else {
257    throw error;
258  }
259}
260```
261 
262## Best Practices
263 
2641. **Use DefaultAzureCredential** - Works across dev and production
2652. **Enable soft-delete** - Required for production vaults
2663. **Set expiration dates** - On both keys and secrets
2674. **Use key rotation policies** - Automate key rotation
2685. **Limit key operations** - Only grant needed operations (encrypt, sign, etc.)
2696. **Browser not supported** - These SDKs are Node.js only
270

Full transparency — inspect the skill content before installing.