azure-keyvault-keys-rust
Sécurité & Conformité|
Documentation
Azure Key Vault Keys SDK for Rust
Client library for Azure Key Vault Keys — secure storage and management of cryptographic keys.
Installation
cargo add azure_security_keyvault_keys azure_identityEnvironment Variables
AZURE_KEYVAULT_URL=https://<vault-name>.vault.azure.net/Authentication
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_keys::KeyClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = KeyClient::new(
"https://<vault-name>.vault.azure.net/",
credential.clone(),
None,
)?;Key Types
| Type | Description |
|------|-------------|
| RSA | RSA keys (2048, 3072, 4096 bits) |
| EC | Elliptic curve keys (P-256, P-384, P-521) |
| RSA-HSM | HSM-protected RSA keys |
| EC-HSM | HSM-protected EC keys |
Core Operations
Get Key
let key = client
.get_key("key-name", None)
.await?
.into_model()?;
println!("Key ID: {:?}", key.key.as_ref().map(|k| &k.kid));Create Key
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType};
let params = CreateKeyParameters {
kty: KeyType::Rsa,
key_size: Some(2048),
..Default::default()
};
let key = client
.create_key("key-name", params.try_into()?, None)
.await?
.into_model()?;Create EC Key
use azure_security_keyvault_keys::models::{CreateKeyParameters, KeyType, CurveName};
let params = CreateKeyParameters {
kty: KeyType::Ec,
curve: Some(CurveName::P256),
..Default::default()
};
let key = client
.create_key("ec-key", params.try_into()?, None)
.await?
.into_model()?;Delete Key
client.delete_key("key-name", None).await?;List Keys
use azure_security_keyvault_keys::ResourceExt;
use futures::TryStreamExt;
let mut pager = client.list_key_properties(None)?.into_stream();
while let Some(key) = pager.try_next().await? {
let name = key.resource_id()?.name;
println!("Key: {}", name);
}Backup Key
let backup = client.backup_key("key-name", None).await?;
// Store backup.value safelyRestore Key
use azure_security_keyvault_keys::models::RestoreKeyParameters;
let params = RestoreKeyParameters {
key_bundle_backup: backup_bytes,
};
client.restore_key(params.try_into()?, None).await?;Cryptographic Operations
Key Vault can perform crypto operations without exposing the private key:
// For cryptographic operations, use the key's operations
// Available operations depend on key type and permissions:
// - encrypt/decrypt (RSA)
// - sign/verify (RSA, EC)
// - wrapKey/unwrapKey (RSA)Best Practices
DeveloperToolsCredential for dev, ManagedIdentityCredential for productionRBAC Permissions
Assign these Key Vault roles:
Key Vault Crypto User — use keys for crypto operationsKey Vault Crypto Officer — full CRUD on keysReference Links
| Resource | Link |
|----------|------|
| API Reference | https://docs.rs/azure_security_keyvault_keys |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/keyvault/azure_security_keyvault_keys |
| crates.io | https://crates.io/crates/azure_security_keyvault_keys |
Compétences similaires
Explorez d'autres agents de la catégorie Sécurité & Conformité
error-diagnostics-error-trace
"You are an error tracking and observability expert specializing in implementing comprehensive error monitoring solutions. Set up error tracking systems, configure alerts, implement structured logging,"
Privilege Escalation Methods
This skill should be used when the user asks to "escalate privileges", "get root access", "become administrator", "privesc techniques", "abuse sudo", "exploit SUID binaries", "Kerberoasting", "pass-the-ticket", "token impersonation", or needs guidance on post-exploitation privilege escalation for Linux or Windows systems.
mobile-security-coder
Expert in secure mobile coding practices specializing in input