Azure Identity SDK for Rust Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD). Installation cargo add azure_identity Environment Variables

Service Principal (for production/CI)

AZURE_TENANT_ID

< your-tenant-id

AZURE_CLIENT_ID

< your-client-id

AZURE_CLIENT_SECRET

< your-client-secret

User-assigned Managed Identity (optional)

AZURE_CLIENT_ID

< managed-identity-client-id

DeveloperToolsCredential The recommended credential for local development. Tries developer tools in order (Azure CLI, Azure Developer CLI): use azure_identity :: DeveloperToolsCredential ; use azure_security_keyvault_secrets :: SecretClient ; let credential = DeveloperToolsCredential :: new ( None ) ? ; let client = SecretClient :: new ( "https://my-vault.vault.azure.net/" , credential . clone ( ) , None , ) ? ; Credential Chain Order Order Credential Environment 1 AzureCliCredential az login 2 AzureDeveloperCliCredential azd auth login Credential Types Credential Usage DeveloperToolsCredential Local development - tries CLI tools ManagedIdentityCredential Azure VMs, App Service, Functions, AKS WorkloadIdentityCredential Kubernetes workload identity ClientSecretCredential Service principal with secret ClientCertificateCredential Service principal with certificate AzureCliCredential Direct Azure CLI auth AzureDeveloperCliCredential Direct azd CLI auth AzurePipelinesCredential Azure Pipelines service connection ClientAssertionCredential Custom assertions (federated identity) ManagedIdentityCredential For Azure-hosted resources: use azure_identity :: ManagedIdentityCredential ; // System-assigned managed identity let credential = ManagedIdentityCredential :: new ( None ) ? ; // User-assigned managed identity let options = ManagedIdentityCredentialOptions { client_id : Some ( "" . into ( ) ) , .. Default :: default ( ) } ; let credential = ManagedIdentityCredential :: new ( Some ( options ) ) ? ; ClientSecretCredential For service principal with secret: use azure_identity :: ClientSecretCredential ; let credential = ClientSecretCredential :: new ( "" . into ( ) , "" . into ( ) , "" . into ( ) , None , ) ? ; Best Practices Use DeveloperToolsCredential for local dev — automatically picks up Azure CLI Use ManagedIdentityCredential in production — no secrets to manage Clone credentials — credentials are Arc -wrapped and cheap to clone Reuse credential instances — same credential can be used with multiple clients Use tokio feature — cargo add azure_identity --features tokio Reference Links Resource Link API Reference https://docs.rs/azure_identity Source Code https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/identity/azure_identity crates.io https://crates.io/crates/azure_identity When to Use This skill is applicable to execute the workflow or actions described in the overview.