A reference application for tenant-based encryption using:
- AES GCM symmetric encryption for encrypting content.
- Local key wrapping for storing the Aes keys encrypted with RSA. Support for Local, Azure Key Vault and Aws Kms Supported.
- Supports key rotation.
- All Keys and data are stored in PostgreSql.
1. Go to AesGcmTest.Web/Hosting/Configuration/ConfigurationExtensions.cs
2. Inside AddInfrastructure use this version: return services.AddCompletelyLocalHsmEncryptionStorage();
1. Go to AesGcmTest.Web/Hosting/Configuration/ConfigurationExtensions.cs
2. Inside AddInfrastructure use this version: return services.AddWithAwsHsmTenancyEncryptionStorage(configuration);
3. Update app config or User Secrets or use the provided Local Stack KMS in the docker compose.
1. Go to AesGcmTest.Web/Hosting/Configuration/ConfigurationExtensions.cs
2. Inside AddInfrastructure use this version: return services.AddWithAwsHsmTenancyEncryptionStorage(configuration);
3. Update app config or User Secrets with the corresponding Key Vault setting. (You need to create a service provider inside azure and give permissions to your vault).
"azureKeyVault":
{
"VaultUrl": "https://<keyValutName>.vault.azure.net/",
"TenantId": "....",
"ClientId": "...",
"ClientSecret": "..."
}