Azure KeyVault Key Encryptor for Microsoft.AspNetCore.DataProtection
The Azure.AspNetCore.DataProtection.Keys package protects keys at rest using the Azure Key Vault key encryption/wrapping feature.
Getting started
Install the package
Install the package with NuGet:
    dotnet add package Azure.AspNetCore.DataProtection.Keys -v 1.0.0-preview.1
Prerequisites
You need an Azure subscription, a Key Vault vault, and a key to use this package.
To create a new KeyVault, you can use the Azure Portal, Azure PowerShell, or the Azure CLI. Here's an example using the Azure CLI:
    az keyvault create --name MyVault --resource-group MyResourceGroup --location westus
    az keyvault key create --name MyKey --vault-name MyVault
Examples
To protect keys with an Azure Key Vault key, call ProtectKeysWithAzureKeyVault when configuring the services:
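    using Azure.Identity;
    using Microsoft.AspNetCore.DataProtection;
    using Microsoft.Extensions.DependencyInjection;

    public void ConfigureServices(IServiceCollection services)
    {
        // Wrap each Data Protection key with the Key Vault key identified by <Key-ID>.
        services
            .AddDataProtection()
            .ProtectKeysWithAzureKeyVault("<Key-ID>", new DefaultAzureCredential());
    }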
The Azure Identity library provides easy Azure Active Directory support for authentication.
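To check that keys really are wrapped at rest, the following added example (not part of this package or its documentation) audits a persisted key ring and flags any key file that still holds plaintext key material. It assumes the key ring is persisted as `key-*.xml` files in a directory and relies on the `masterKey` and `encryptedSecret` element names of the ASP.NET Core Data Protection key XML format; the sample files and the decryptor type name are constructed placeholders.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample key files (not real key material).
PLAIN = """<key id="00000000-0000-0000-0000-000000000001" version="1">
<descriptor><descriptor><masterKey><value>CONSTRUCTED</value></masterKey>
</descriptor></descriptor></key>"""
WRAPPED = """<key id="00000000-0000-0000-0000-000000000002" version="1">
<descriptor><descriptor>
<encryptedSecret decryptorType="Example.PlaceholderDecryptor"
    xmlns="http://schemas.asp.net/2015/03/dataProtection">
<encryptedKey><value>CONSTRUCTED</value></encryptedKey></encryptedSecret>
</descriptor></descriptor></key>"""


def local(tag):
    """Strip any XML namespace: '{ns}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def audit_key_file(path):
    """Return (status, decryptor_type) for one Data Protection key file."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return "UNREADABLE", None
    elements = {local(el.tag): el for el in root.iter()}
    if "masterKey" in elements:
        # Key material stored in the clear: no key encryptor was active.
        return "PLAINTEXT", None
    if "encryptedSecret" in elements:
        return "ENCRYPTED", elements["encryptedSecret"].get("decryptorType")
    return "UNKNOWN", None


def audit_key_ring(directory):
    """Map each key-*.xml file name in the directory to its audit result."""
    files = sorted(Path(directory).glob("key-*.xml"))
    return {p.name: audit_key_file(p) for p in files}


def demo():
    """Audit a temporary key ring built from the constructed samples."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "key-plain.xml").write_text(PLAIN)
        Path(d, "key-wrapped.xml").write_text(WRAPPED)
        Path(d, "key-broken.xml").write_text("<key>")
        return audit_key_ring(d)
```

Keys written before the encryptor was configured stay in plaintext until they are rotated out, so a `PLAINTEXT` result on an older file is expected; the reported decryptor type shows which encryptor wrapped each remaining key.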
Next steps
Read more about DataProtection in ASP.NET Core.
Contributing
This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit cla.microsoft.com.
This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact opencode@microsoft.com with any additional questions or comments.