Azure Key Vault Key Encryptor for Microsoft.AspNetCore.DataProtection
The Azure.Extensions.AspNetCore.DataProtection.Keys package allows protecting keys at rest using Azure Key Vault Key Encryption/Wrapping feature.
Getting started
Install the package
Install the package with NuGet:
dotnet add package Azure.Extensions.AspNetCore.DataProtection.Keys
Prerequisites
You need an Azure subscription, Key Vault and a Key to use this package.
To create a new Key Vault, you can use the Azure Portal, Azure PowerShell, or the Azure CLI. Here's an example using the Azure CLI:
az keyvault create --name MyVault --resource-group MyResourceGroup --location westus
az keyvault key create --name MyKey --vault-name MyVault
# give write access to a service principal (application)
az keyvault set-policy -n MyVault --object-id <application_id> --key-permissions get unwrapKey wrapKey
Key concepts
Thread safety
We guarantee that all client instance methods are thread-safe and independent of each other (guideline). This ensures that the recommendation of reusing client instances is always safe, even across threads.
Additional concepts
Client options | Accessing the response | Long-running operations | Handling failures | Diagnostics | Mocking | Client lifetime
Examples
To protect keys using Azure Key Vault Key, configure the system with ProtectKeysWithAzureKeyVault when configuring the services:
public void ConfigureServices(IServiceCollection services)
{
services
.AddDataProtection()
.ProtectKeysWithAzureKeyVault(new Uri("<Key-ID>"), new DefaultAzureCredential());
}
The Azure Identity library provides easy Azure Active Directory support for authentication.
Next steps
Read more about DataProtection in ASP.NET Core.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit cla.microsoft.com.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.
Azure SDK for .NET
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for