mx-keyvault 0.1.0

Azure Key Vault integration for MultiversX Rust services.
Documentation

mx-keyvault

Azure Key Vault integration for secret management.

Features

  • Secure mnemonic storage
  • Flexible credential resolution (Client Secret, Developer Tools, Managed Identity)

Usage

use mx_keyvault::KeyVaultClient;

// Client creation is synchronous
let client = KeyVaultClient::new("https://myvault.vault.azure.net")?;

// Fetching secrets is async and returns Option<String>
let mnemonic: Option<String> = client.fetch_secret("relayer-mnemonic").await?;

Credential Resolution

Credentials are resolved in the following order:

  1. Client Secret - If all three environment variables are present:

    • AZURE_TENANT_ID
    • AZURE_CLIENT_ID
    • AZURE_CLIENT_SECRET

  2. Developer Tools - Fallback when client secret credentials are not complete. Uses Azure CLI, VS Code, or other developer tool credentials.

  3. Managed Identity - For Azure-hosted services (App Service, AKS, VMs with managed identity enabled).

To disable Developer Tools/Managed Identity fallback, set:

AZURE_IDENTITY_DISABLE_MANAGED_IDENTITY_CREDENTIAL=true