In sync with encrypted-config-value v5.2.0 (a104ddefd48e2fb322f5db205f7c93f0ad4ae1d7)
EncryptedConfigValue.NET is a .NET implementation of the Palantir's encrypted-config-value
library.
This repository provides tooling for encrypting certain configuration parameter values in ASP.NET Core apps. This defends against accidental leaks of sensitive information such as copy/pasting a config file.
A EncryptedConfigValue.AspNetCore package provides a way of using encrypted values in your ASP.NET Core appsettings.json files.
Currently supported algorithms:
- AES: (AES/GCM/NoPadding) with random IV
- RSA
Install from NuGet:
Install-Package EncryptedConfigValue.Net.AspNetCore To use in your app:
// If needed, set environment variable, default is var/conf/encrypted-config-value.key
my-application$ export EncryptedConfigValue_Config_KeyPath=conf/encrypted-config-value.key // appsettings.json
{
"Encrypted": "${enc:INNv4cGkVF45MLWZhgVZdIsgQ4zKvbMoJ978Es3MIKgrtz5eeTuOCLM1vPbQm97ejz2EK6M=}",
}// Program.cs
using EncryptedConfigValue.AspNetCore;
using EncryptedConfigValue.Crypto;
// Optionally you can set environment variable in application
// Environment.SetEnvironmentVariable(KeyFileUtils.KeyPathProperty, "conf/encrypted-config-value.key");
var builder = WebApplication.CreateBuilder(args).AddEncryptedConfigValueProvider();A EncryptedConfigValue.Cli project provides CLI tools for generating keys and encrypting values.
The CLI tool provides following commands:
encrypt-config-value [-v <value>] [-k <keyfile>]for encrypting values. In the case of non-symmetric algorithms (e.g. RSA) specify the public key. If-v <value>not provided, program will explicitly ask about value by running interactive mode. On Windows OS it is recommended to providekeyfileparameter as default path points tovar\conf\encrypted-config-value.key.generate-random-key -a <algorithm> [-f <keyfile>]for generating random keys with the specified algorithm. In the case of non-symmetric algorithms (e.g. RSA) the private key will have a .private extension. On Windows OS it is recommended to providekeyfileparameter as default path points tovar\conf\encrypted-config-value.key.
Currently supported algorithms:
- AES: (AES/GCM/NoPadding) with random IV
- RSA
Install from NuGet:
dotnet tool install -g EncryptedConfigValue.Net.CliTo generate keys:
my-application$ encrypted-config-value-dotnet generate-random-key -a AES
Wrote key to var/conf/encrypted-config-value.keyTo encrypt value:
my-application$ encrypted-config-value-dotnet encrypt-config-value -v "secret-value"
enc:eyJUeXBlIjoiQUVTIiwiRW5jcnlwdGlvbk1vZGUiOjAsIkl2IjoiUFZkMDJqbkczQ2FCS2t4MyIsIkNpcGhlclRleHQiOiJMSXMraHNuU0dZUXVVWmc9IiwiVGFnIjoiLzRVeVN0ckpnNjRacGJUdGJRTWEzZz09In0=You can use EncryptedConfigValue.Module to create your own decrypt provider.
Install from NuGet:
Install-Package EncryptedConfigValue.Net.ModuleDifferences from palantir/encrypted-config-value
- Name of environmental variable containing path to key is EncryptedConfigValue_Config_KeyPath instead of palantir.config.key_path
- Commands encrypt-config-value and generate-random-key don't need explicit -v parameter. If -v not provided then program will start interactive mode
The project has been devised to align with the original functionality. Please refrain from suggesting changes that would alter how it works compared to the original. Any adjustments, additions, or removals should be carefully considered to ensure they align seamlessly with the established framework.