Azure Key Vault Certificates SDK for Rust Client library for Azure Key Vault Certificates — secure storage and management of certificates. Installation cargo add azure_security_keyvault_certificates azure_identity Environment Variables AZURE_KEYVAULT_URL = https://<vault-name>.vault.azure.net/ Authentication use azure_identity :: DeveloperToolsCredential ; use azure_security_keyvault_certificates :: CertificateClient ; let credential = DeveloperToolsCredential :: new ( None ) ? ; let client = CertificateClient :: new ( "https://<vault-name>
.vault.azure.net/" , credential . clone ( ) , None , ) ? ; Core Operations Get Certificate use azure_core :: base64 ; let certificate = client . get_certificate ( "certificate-name" , None ) . await ? . into_model ( ) ? ; println! ( "Thumbprint: {:?}" , certificate . x509_thumbprint . map ( base64 :: encode_url_safe ) ) ; Create Certificate use azure_security_keyvault_certificates :: models :: { CreateCertificateParameters , CertificatePolicy , IssuerParameters , X509CertificateProperties , } ; let policy = CertificatePolicy { issuer_parameters : Some ( IssuerParameters { name : Some ( "Self" . into ( ) ) , .. Default :: default ( ) } ) , x509_certificate_properties : Some ( X509CertificateProperties { subject : Some ( "CN=example.com" . into ( ) ) , .. Default :: default ( ) } ) , .. Default :: default ( ) } ; let params = CreateCertificateParameters { certificate_policy : Some ( policy ) , .. Default :: default ( ) } ; let operation = client . create_certificate ( "cert-name" , params . try_into ( ) ? , None ) . await ? ; Import Certificate use azure_security_keyvault_certificates :: models :: ImportCertificateParameters ; let params = ImportCertificateParameters { base64_encoded_certificate : Some ( base64_cert_data ) , password : Some ( "optional-password" . into ( ) ) , .. Default :: default ( ) } ; let certificate = client . import_certificate ( "cert-name" , params . try_into ( ) ? , None ) . await ? . into_model ( ) ? ; Delete Certificate client . delete_certificate ( "certificate-name" , None ) . await ? ; List Certificates use azure_security_keyvault_certificates :: ResourceExt ; use futures :: TryStreamExt ; let mut pager = client . list_certificate_properties ( None ) ? . into_stream ( ) ; while let Some ( cert ) = pager . try_next ( ) . await ? { let name = cert . resource_id ( ) ? . name ; println! ( "Certificate: {}" , name ) ; } Get Certificate Policy let policy = client . get_certificate_policy ( "certificate-name" , None ) . await ? . 
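into_model ( ) ? ; Update Certificate Policy use azure_security_keyvault_certificates :: models :: UpdateCertificatePolicyParameters ; let params = UpdateCertificatePolicyParameters { // Update policy properties .. Default :: default ( ) } ; client . update_certificate_policy ( "cert-name" , params . try_into ( ) ? , None ) . await ? ;

Certificate Lifecycle
- Create — generates new certificate with policy
- Import — import existing PFX/PEM certificate
- Get — retrieve certificate (public key only; when the policy marks the key exportable, the private key is reached through the Key Vault secret of the same name and is governed by secret permissions, not certificate permissions)
- Update — modify certificate properties
- Delete — soft delete (recoverable)
- Purge — permanent deletion (cannot be undone; blocked until the retention period ends when purge protection is enabled)

Best Practices
- Use Entra ID auth — DeveloperToolsCredential for dev; for deployed workloads use a managed identity (ManagedIdentityCredential) rather than developer credentials
- Use managed certificates — auto-renewal with supported issuers
- Set proper validity period — balance security and maintenance
- Use certificate policies — define renewal and key properties
- Monitor expiration — set up alerts for expiring certificates
- Enable soft delete — required for production vaults; also enable purge protection so a deleted certificate cannot be purged before the retention period ends
- Keep import passwords out of source — the "optional-password" literal in the import example is a placeholder; read the PFX password from a secret store or the environment at runtime

RBAC Permissions
Assign the least-privileged of these Key Vault roles that fits the workload, scoped to the vault:
- Key Vault Certificates Officer — full CRUD on certificates
- Key Vault Reader — read certificate metadata

Reference Links
| Resource | Link |
|---|---|
| API Reference | https://docs.rs/azure_security_keyvault_certificates |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_certificates |
| crates.io | https://crates.io/crates/azure_security_keyvault_certificates |

When to Use
Use this skill when carrying out the workflows or actions described in the overview.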