{"id":15776679,"url":"https://github.com/devigned/rust-key-vault","last_synced_at":"2025-06-29T12:37:38.654Z","repository":{"id":25665515,"uuid":"29101191","full_name":"devigned/rust-key-vault","owner":"devigned","description":"Rust implementation of the Azure Key Vault client API","archived":false,"fork":false,"pushed_at":"2015-05-11T03:38:05.000Z","size":337,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-05T17:23:07.348Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/devigned.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-01-11T18:25:26.000Z","updated_at":"2023-08-29T10:44:57.000Z","dependencies_parsed_at":"2022-08-24T06:40:33.848Z","dependency_job_id":null,"html_url":"https://github.com/devigned/rust-key-vault","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/devigned/rust-key-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devigned%2Frust-key-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devigned%2Frust-key-vault/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devigned%2Frust-key-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devigned%2Frust-key-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/devigned","download_url":"https://codeload.github.com/devigned/rust-key-vault/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/devigned%2Frust-key-vault/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":262596532,"owners_count":23334625,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-04T17:23:16.758Z","updated_at":"2025-06-29T12:37:38.609Z","avatar_url":"https://github.com/devigned.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![Build Status](https://travis-ci.org/devigned/rust-key-vault.svg?branch=master)](https://travis-ci.org/devigned/rust-key-vault)\n# Rust Key Vault\nA Rust library and command line interface with all of the features provided by the Key Vault REST API\n\n## Project Status\nThe library is at proof of concept state. Right now, it will only authenticate against Azure Active Directory via OAuth2 and request an asymmetric key from a specified vault. There is much work to be done.\n\n## Features (coming soon unless otherwise stated)\n### Keys (asymmetric cryptographic keys)\n- \u003cb\u003eCreate (*implemented*):\u003c/b\u003e Allows a client to create a key in Azure Key Vault. The value of the key is generated by Azure Key Vault and stored and is not released to the client. Asymmetric (and in the future, Elliptic Curve and Symmetric) keys may be created in Azure Key Vault.\n- \u003cb\u003eDelete (*implemented*):\u003c/b\u003e Allows a client with sufficient permissions to delete a key from Azure Key Vault.\n- \u003cb\u003eList (*implemented*):\u003c/b\u003e Allows a client to list all keys in a given Azure Key Vault.\n- \u003cb\u003eGet (*implemented*):\u003c/b\u003e Allows a client to retrieve the public parts of a given key in an Azure Key Vault.\n- \u003cb\u003eBackup:\u003c/b\u003e Exports a key in a protected form.\n- \u003cb\u003eRestore:\u003c/b\u003e Imports a previously backed up key.\n- \u003cb\u003eSign and Verify (*implemented*):\u003c/b\u003e Strictly, this operation is \"sign hash\" or “verify hash” as Azure Key Vault does not support hashing of content as part of signature creation. Applications should hash data to be signed locally and then request Azure Key Vault sign the hash. Verification of signed hashes is supported as a convenience operation for applications that may not have access to [public] key material; it is recommended that, for best application performance, verify operations are performed locally.\n- \u003cb\u003eKey Encryption / Wrapping (*implemented*):\u003c/b\u003e A key stored in Azure Key Vault may be used to protect another key, typically a symmetric content encryption key (CEK). When the key in Azure Key Vault is asymmetric, key encryption is used, for example RSA-OAEP and the WRAPKEY/UNWRAPKEY operations are equivalent to ENCRYPT/DECRYPT. When the key in Azure Key Vault is symmetric, key wrapping is used; for example AES-KW. The WRAPKEY operation is supported as a convenience for applications that may not have access to [public] key material; it is recommended that, for best application performance, WRAPKEY operations are performed locally.\n- \u003cb\u003eEncrypt and Decrypt (*implemented*):\u003c/b\u003e A key stored in Azure Key Vault may be used to encrypt or decrypt a single block of data, the size of which is determined by the key type and selected encryption algorithm. The Encrypt operation is provided for convenience for applications that may not have access to [public] key material; it is recommended that, for best application performance, encrypt operations be performed locally.\n\n### Secrets (octet sequences with a maximum size of 10k bytes each):\n- \u003cb\u003eCreate:\u003c/b\u003e Create new secrets\n- \u003cb\u003eGet:\u003c/b\u003e Read a secret\n- \u003cb\u003eList:\u003c/b\u003e List the secrets stored in a Key Vault\n- \u003cb\u003eDelete:\u003c/b\u003e Delete the secret\n\n### Command Line Interface\n- \u003cb\u003eKey Examples:\u003c/b\u003e\n - \u003cb\u003eCreate:\u003c/b\u003e `\u003e vault keys create \u003cname\u003e –ops “sign, verify, wrapKey, unwrapKey, encrypt, decrypt\"`\nReturns success or failure\n - \u003cb\u003eDelete:\u003c/b\u003e `\u003e vault keys delete \u003cname\u003e`\nReturns success or failure\n - \u003cb\u003eList:\u003c/b\u003e `\u003e vault keys list`\nReturns a list of keys in the vault\n - \u003cb\u003eGet:\u003c/b\u003e `\u003e vault keys get \u003cname\u003e`\nReturns the public side and metadata of the key\n - \u003cb\u003eBackup:\u003c/b\u003e `\u003e vault keys backup \u003cname\u003e`\nReturns byte stream of key\n - \u003cb\u003eRestore:\u003c/b\u003e `\u003e vault keys restore \u003cfile name\u003e`\nRestores key from file\n - \u003cb\u003eSign:\u003c/b\u003e `\u003e vault keys sign \u003cname\u003e \u003cfile name or piped input\u003e`\nReturns the signature\n - \u003cb\u003eVerify:\u003c/b\u003e `\u003e vault keys verify \u003cname\u003e \u003chash\u003e \u003cfile name or piped input\u003e`\nReturns success or failure\n - \u003cb\u003eEncryption:\u003c/b\u003e `\u003e vault keys encrypt \u003cname\u003e \u003cfile name or piped input\u003e`\nReturns encrypted byte stream\n - \u003cb\u003eDecryption:\u003c/b\u003e `\u003e vault keys decrypt \u003cname\u003e \u003cfile name or piped input\u003e`\nReturns decrypted byte stream\n - \u003cb\u003eKey Wrap:\u003c/b\u003e `\u003e vault keys wrap \u003cname\u003e \u003cfile name or piped input\u003e`\nReturns byte stream of wrapped key\n - \u003cb\u003eKey Unwrap:\u003c/b\u003e `\u003e vault keys unwrap \u003cname\u003e \u003cfile name or piped input\u003e`\nReturns byte stream for unwrapped key\n- \u003cb\u003eSecrets Examples:\u003c/b\u003e\n - \u003cb\u003eCreate:\u003c/b\u003e `\u003e vault secrets create \u003cname\u003e \u003csecret or piped input\u003e`\nReturns success or failure\n - \u003cb\u003eDelete:\u003c/b\u003e `\u003e vault secrets delete \u003cname\u003e`\nReturns success or failure\n - \u003cb\u003eGet:\u003c/b\u003e `\u003e vault secrets get \u003cname\u003e`\nReturns the value of the secret\n - \u003cb\u003eList:\u003c/b\u003e `\u003e vault secrets list`\nReturns the names of the secrets in the vault\n\n### Executing Key Operation Example\nFrom the project root run: `cargo run --example key_operations \u003cvault_name\u003e \u003ckey\u003e \u003csecret\u003e`\n\n## Installation\n\n- Clone the repo\n- Run `cargo build`\n- Run `cargo test`\n\n## Usage\n\nSee the key_operations example:\n```rust\nfn main() {\n    let mut vault = String::new();\n    let mut key = String::new();\n    let mut secret = String::new();\n\n    get_arg(1, \u0026mut vault);\n    get_arg(2, \u0026mut key);\n    get_arg(3, \u0026mut secret);\n\n    println!(\"vault: {:?}, key: {:?}, secret: {:?}\", vault, key, secret);\n\n    let mut client: AzureVault = Vault::new(\u0026vault[..], \u0026key[..], \u0026secret[..]);\n\n    display_current_keys_list(\u0026mut client);\n\n    delete_existing_key(\u0026mut client, \"mynewkey1\");\n\n    display_current_keys_list(\u0026mut client);\n\n    insert_new_key(\u0026mut client, \"mynewkey1\");\n\n    display_encrypt_decrypt(\u0026mut client, \"mynewkey1\", \"Hello World!\".to_string());\n\n    display_sign_verify(\u0026mut client, \"mynewkey1\", \"Hello World!\".to_string());\n\n    display_current_keys_list(\u0026mut client);\n\n    display_key_by_name(\u0026mut client, \"mynewkey1\")\n}\n```\n\n## Contributing\n\n1. Fork it ( https://github.com/devigned/rust-key-vault/fork )\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create a new Pull Request\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevigned%2Frust-key-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdevigned%2Frust-key-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdevigned%2Frust-key-vault/lists"}