AZ
azure-identity-rust
|
Install
mkdir -p .claude/skills/azure-identity-rust-rjsolucoes && curl -L -o skill.zip "https://agentskills.codes/api/skills/download/13820" && unzip -o skill.zip -d .claude/skills/azure-identity-rust-rjsolucoes && rm skill.zipInstalls to .claude/skills/azure-identity-rust-rjsolucoes
Activation
This is the description your AI agent reads to decide when to run this skill — the better it matches your request, the more reliably it fires.
Azure Identity SDK for Rust authentication. Use for DeveloperToolsCredential, ManagedIdentityCredential, ClientSecretCredential, and token-based authentication. Triggers: "azure-identity", "DeveloperToolsCredential", "authentication rust", "managed identity rust", "credential rust".283 chars✓ has a “when” triggerlonger than Claude Code's old 250-char listing cap (fine on current versions)
About this skill
Azure Identity SDK for Rust
Authentication library for Azure SDK clients using Microsoft Entra ID (formerly Azure AD).
Installation
cargo add azure_identity
Environment Variables
# Service Principal (for production/CI)
AZURE_TENANT_ID=<your-tenant-id>
AZURE_CLIENT_ID=<your-client-id>
AZURE_CLIENT_SECRET=<your-client-secret>
# User-assigned Managed Identity (optional)
AZURE_CLIENT_ID=<managed-identity-client-id>
DeveloperToolsCredential
The recommended credential for local development. Tries developer tools in order (Azure CLI, Azure Developer CLI):
use azure_identity::DeveloperToolsCredential;
use azure_security_keyvault_secrets::SecretClient;
let credential = DeveloperToolsCredential::new(None)?;
let client = SecretClient::new(
"https://my-vault.vault.azure.net/",
credential.clone(),
None,
)?;
Credential Chain Order
| Order | Credential | Environment |
|---|---|---|
| 1 | AzureCliCredential | az login |
| 2 | AzureDeveloperCliCredential | azd auth login |
Credential Types
| Credential | Usage |
|---|---|
DeveloperToolsCredential | Local development - tries CLI tools |
ManagedIdentityCredential | Azure VMs, App Service, Functions, AKS |
WorkloadIdentityCredential | Kubernetes workload identity |
ClientSecretCredential | Service principal with secret |
ClientCertificateCredential | Service principal with certificate |
AzureCliCredential | Direct Azure CLI auth |
AzureDeveloperCliCredential | Direct azd CLI auth |
AzurePipelinesCredential | Azure Pipelines service connection |
ClientAssertionCredential | Custom assertions (federated identity) |
ManagedIdentityCredential
For Azure-hosted resources:
use azure_identity::ManagedIdentityCredential;
// System-assigned managed identity
let credential = ManagedIdentityCredential::new(None)?;
// User-assigned managed identity
let options = ManagedIdentityCredentialOptions {
client_id: Some("<user-assigned-mi-client-id>".into()),
..Default::default()
};
let credential = ManagedIdentityCredential::new(Some(options))?;
ClientSecretCredential
For service principal with secret:
use azure_identity::ClientSecretCredential;
let credential = ClientSecretCredential::new(
"<tenant-id>".into(),
"<client-id>".into(),
"<client-secret>".into(),
None,
)?;
Best Practices
- Use
DeveloperToolsCredentialfor local dev — automatically picks up Azure CLI - Use
ManagedIdentityCredentialin production — no secrets to manage - Clone credentials — credentials are
Arc-wrapped and cheap to clone - Reuse credential instances — same credential can be used with multiple clients
- Use
tokiofeature —cargo add azure_identity --features tokio
Reference Links
| Resource | Link |
|---|---|
| API Reference | https://docs.rs/azure_identity |
| Source Code | https://github.com/Azure/azure-sdk-for-rust/tree/main/sdk/identity/azure_identity |
| crates.io | https://crates.io/crates/azure_identity |