Azure Key Vault Secrets SDK for Rust Client library for Azure Key Vault Secrets — secure storage for passwords, API keys, and other secrets. Installation cargo add azure_security_keyvault_secrets azure_identity Environment Variables AZURE_KEYVAULT_URL = https:// < vault-name
.vault.azure.net/ Authentication use azure_identity :: DeveloperToolsCredential ; use azure_security_keyvault_secrets :: SecretClient ; let credential = DeveloperToolsCredential :: new ( None ) ? ; let client = SecretClient :: new ( "https://
.vault.azure.net/" , credential . clone ( ) , None , ) ? ; Core Operations Get Secret let secret = client . get_secret ( "secret-name" , None ) . await ? . into_model ( ) ? ; println! ( "Secret value: {:?}" , secret . value ) ; Set Secret use azure_security_keyvault_secrets :: models :: SetSecretParameters ; let params = SetSecretParameters { value : Some ( "secret-value" . into ( ) ) , .. Default :: default ( ) } ; let secret = client . set_secret ( "secret-name" , params . try_into ( ) ? , None ) . await ? . into_model ( ) ? ; Update Secret Properties use azure_security_keyvault_secrets :: models :: UpdateSecretPropertiesParameters ; use std :: collections :: HashMap ; let params = UpdateSecretPropertiesParameters { content_type : Some ( "text/plain" . into ( ) ) , tags : Some ( HashMap :: from ( [ ( "env" . into ( ) , "prod" . into ( ) ) ] ) ) , .. Default :: default ( ) } ; client . update_secret_properties ( "secret-name" , params . try_into ( ) ? , None ) . await ? ; Delete Secret client . delete_secret ( "secret-name" , None ) . await ? ; List Secrets use azure_security_keyvault_secrets :: ResourceExt ; use futures :: TryStreamExt ; let mut pager = client . list_secret_properties ( None ) ? . into_stream ( ) ; while let Some ( secret ) = pager . try_next ( ) . await ? { let name = secret . resource_id ( ) ? . name ; println! ( "Secret: {}" , name ) ; } Get Specific Version use azure_security_keyvault_secrets :: models :: SecretClientGetSecretOptions ; let options = SecretClientGetSecretOptions { secret_version : Some ( "version-id" . into ( ) ) , .. Default :: default ( ) } ; let secret = client . get_secret ( "secret-name" , Some ( options ) ) . await ? . into_model ( ) ? ; Best Practices Use Entra ID auth — DeveloperToolsCredential for dev, ManagedIdentityCredential for production Use into_model()? — to deserialize responses Use ResourceExt trait — for extracting names from IDs Handle soft delete — deleted secrets can be recovered within retention period Set content type — helps identify secret format Use tags — for organizing and filtering secrets Version secrets — new values create new versions automatically RBAC Permissions Assign these Key Vault roles: Key Vault Secrets User — get and list Key Vault Secrets Officer — full CRUD Reference Links Resource Link API Reference https://docs.rs/azure_security_keyvault_secrets Source Code https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_secrets crates.io https://crates.io/crates/azure_security_keyvault_secrets When to Use This skill is applicable to execute the workflow or actions described in the overview.