azure-keyvault-keys-ts

Manage Azure Key Vault Keys

Need to create, encrypt, sign, or rotate cryptographic keys in Azure? This skill provides ready-to-use code snippets for the Azure Key Vault Keys SDK to handle key management securely.

Supports: Claude, Codex, Code(CC)
⚠️ 67 Poor

1. Download the skill ZIP
2. Upload in Claude: go to Settings → Capabilities → Skills → Upload skill
3. Toggle on and start using

Test it

Using "azure-keyvault-keys-ts". Create an EC key named 'signing-key' using P-256 curve

Expected outcome:

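```typescript
import { DefaultAzureCredential } from '@azure/identity';
import { KeyClient } from '@azure/keyvault-keys';
// Vault URL built from the AZURE_KEYVAULT_NAME environment variable
const vaultUrl = `https://${process.env.AZURE_KEYVAULT_NAME}.vault.azure.net`;
const keyClient = new KeyClient(vaultUrl, new DefaultAzureCredential());
// P-256 EC key restricted to signing and verification
const ecKey = await keyClient.createEcKey('signing-key', {
  curve: 'P-256',
  enabled: true,
  keyOps: ['sign', 'verify']
});
console.log('Created key:', ecKey.name);
```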

Using "azure-keyvault-keys-ts". Encrypt the string 'secret-data' using RSA-OAEP

Expected outcome:

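```typescript
import { CryptographyClient } from '@azure/keyvault-keys';
// `key` is a KeyVaultKey (or key ID) and `credential` a TokenCredential such as DefaultAzureCredential
const cryptoClient = new CryptographyClient(key, credential);
const encrypted = await cryptoClient.encrypt({
  algorithm: 'RSA-OAEP',
  plaintext: Buffer.from('secret-data')
});
// result is a Uint8Array; wrap it in a Buffer before base64-encoding
console.log('Encrypted:', Buffer.from(encrypted.result).toString('base64'));
```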

Security Audit

Safe
v1 • 2/25/2026

Static analysis flagged 47 potential issues, but all are false positives. The file is legitimate Azure SDK documentation containing example code blocks (not actual executables), placeholder URLs (not real endpoints), and standard environment variable patterns (Azure best practice). No malicious behavior detected.

  • Files scanned: 1
  • Lines analyzed: 275
  • Findings: 4
  • Total audits: 1

Critical Issues (1)

False Positive: Critical Heuristic Detection
Scanner detected 'dangerous combination: code execution + network + credential access' but this is triggered by documentation patterns. The file contains example SDK code showing how to authenticate to Azure Key Vault - this is expected documentation behavior, not malicious activity.

Medium Risk Issues (3)

False Positive: External Commands Detection
Scanner flagged 'Ruby/shell backtick execution' at 38 locations. This is a markdown documentation file where backticks are used for code fences (```bash, ```typescript). No actual shell execution code exists.

False Positive: Hardcoded URL Detection
Scanner flagged hardcoded URLs at lines 23 and 35. These are placeholder template URLs (https://<vault-name>.vault.azure.net) and dynamic URL construction from environment variables - standard Azure SDK patterns.

False Positive: Environment Variable Access
Scanner flagged environment variable access at line 35. Accessing AZURE_KEYVAULT_NAME via process.env is the standard, documented way to configure Azure SDKs. This is not a security vulnerability.

Audited by: claude

Quality Score

  • Architecture: 38
  • Maintainability: 100
  • Content: 87
  • Community: 31
  • Security: 70
  • Spec Compliance: 100

What You Can Build

Cloud Application Developer

Implement encryption for data at rest in cloud applications using Azure Key Vault for secure key storage and management.

DevOps Engineer

Manage key rotation policies and automate cryptographic key lifecycle operations in Azure environments.

Security Engineer

Implement proper key management workflows including backup, restore, and access controls for compliance.

Try These Prompts

Create a new encryption key
Create a new RSA key named 'my-encryption-key' in Azure Key Vault with 2048-bit size. Enable the key and set an expiration date.
Encrypt data with managed key
Show me how to encrypt a user password using the Azure Key Vault cryptography client with RSA-OAEP algorithm.
Set up automatic key rotation
Configure automatic rotation for 'my-rotation-key' so it rotates every 90 days. Show the rotation policy setup.
Backup and restore a key
How do I back up a key from one Azure Key Vault and restore it to a different vault? Include the backup and restore operations.

Best Practices

  • Use DefaultAzureCredential for automatic authentication across dev and production environments
  • Enable soft-delete on vaults to protect against accidental key deletion
  • Set expiration dates on keys and implement rotation policies for security compliance

Avoid

  • Hardcoding connection strings or secrets in source code - use Azure Key Vault or environment variables
  • Using keys without expiration dates - always set validity periods
  • Disabling key operations logging - audit trail is critical for security compliance

Frequently Asked Questions

What authentication methods does this skill support?
The skill uses DefaultAzureCredential, which supports managed identities, service principals, and developer credentials automatically.
Can this skill work with on-premises key vaults?
No, Azure Key Vault is a cloud service. For on-premises, consider HashiCorp Vault or similar solutions.
Is this skill compatible with browser applications?
No, the Azure Key Vault SDK is Node.js only. Browser applications should use token-based authentication with a backend service.
How do I handle key rotation in production?
Use the updateKeyRotationPolicy method to set automatic rotation. The rotateKey method can also be called manually or via automation.
What key types are supported?
RSA (2048, 3072, 4096-bit), EC (P-256, P-384, P-521 curves), and AES symmetric keys are supported.
Can I restore a key to a different vault?
Yes, the restoreKeyBackup method accepts backups from any vault, enabling cross-vault key migration.

Developer Details

File structure

📄 SKILL.md