Feedemy.KeyManagement 2.5.3

.NET 10.0 This package targets .NET 10.0. The package is compatible with this framework or higher.
Additional Details

Memory leaks were detected in these packages and fixed in version 2.5.5. It doesn't affect you if you're not calling more than 10,000 keys per minute. An easier setup has been added to address difficulties with extension registration.

There is a newer version of this package available.
See the version list below for details. 
dotnet add package Feedemy.KeyManagement --version 2.5.3
                    


                    

                
NuGet\Install-Package Feedemy.KeyManagement -Version 2.5.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Feedemy.KeyManagement" Version="2.5.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Feedemy.KeyManagement" Version="2.5.3" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Feedemy.KeyManagement" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Feedemy.KeyManagement --version 2.5.3
                    


                    

                
#r "nuget: Feedemy.KeyManagement, 2.5.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package Feedemy.KeyManagement@2.5.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=Feedemy.KeyManagement&version=2.5.3
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=Feedemy.KeyManagement&version=2.5.3
                    


                            Install as a Cake Tool

Feedemy.KeyManagement

NuGet License: MIT .NET

Enterprise-grade key management library for .NET applications.

Features

  • Automatic Key Rotation - Background service with configurable intervals
  • Versioned Encryption - Auto-decryption with version detection
  • Asymmetric Keys - RSA (2048/3072/4096) and ECDSA (P-256/P-384/P-521)
  • Multi-Platform Storage - Windows DPAPI, Linux Keyring, Azure Key Vault
  • Distributed Caching - Redis with pub/sub invalidation
  • Database Persistence - SQL Server, PostgreSQL, and SQLite
  • Health Monitoring - ASP.NET Core health checks
  • Fallback Storage - Multi-provider redundancy
  • Audit Trail - Complete compliance logging
  • Roslyn Analyzers - 48 compile-time security rules

Installation

dotnet add package Feedemy.KeyManagement

# Persistence (choose one)
dotnet add package Feedemy.KeyManagement.Providers.EntityFramework  # SQL Server
dotnet add package Feedemy.KeyManagement.Providers.Npgsql          # PostgreSQL
dotnet add package Feedemy.KeyManagement.Providers.Sqlite          # SQLite (dev/testing)

# Optional
dotnet add package Feedemy.KeyManagement.Analyzers

Quick Start

Development Setup

using Feedemy.KeyManagement.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddKeyManagement(options =>
{
    options.EnableAutoRotation = true;
    options.RotationCheckInterval = TimeSpan.FromHours(6);
    options.DefaultRotationDays = 90;
});

var app = builder.Build();
app.Run();

Production Setup

builder.Services.AddKeyManagement(options =>
{
    options.EnableAutoRotation = true;
    options.RotationCheckInterval = TimeSpan.FromHours(6);

    // Auto-initialization
    options.Initialization.EnableAutoInitialization = true;
    options.Initialization.ExternalKeysJsonPath = "keys.json";
})
.UseAzureKeyVault("https://your-vault.vault.azure.net/")
.UseRedisCache("localhost:6379")
.UseEntityFrameworkPersistence("Server=localhost;Database=KeyManagement;...");

builder.Services.AddHealthChecks()
    .AddKeyManagementHealthCheck();

Basic Usage

public class MyService
{
    private readonly IKeyManagementService _keyService;
    private readonly IKeyManagementAdminService _adminService;

    // Create a key
    public async Task CreateKeyAsync()
    {
        await _adminService.CreateKeyAsync(new CreateKeyRequest
        {
            KeyName = "MyEncryptionKey",
            AutoGenerate = true,
            KeySize = 32,
            RotationIntervalDays = 90,
            CreatedBy = "Admin"
        });
    }

    // Retrieve a key (cached - sub-millisecond)
    public async Task<byte[]> GetKeyAsync()
    {
        return await _keyService.RetrieveKeyAsync("MyEncryptionKey");
    }

    // Check health
    public async Task<KeyHealthStatus> GetHealthAsync()
    {
        var health = await _keyService.GetKeyHealthAsync("MyEncryptionKey");
        return health.Status;
    }
}

Key Initialization

Define keys in keys.json for auto-generation on first run:

{
  "Keys": [
    {
      "KeyName": "EncryptionKey",
      "KeyType": "Symmetric",
      "RotationIntervalDays": 90,
      "Category": "MasterKey"
    },
    {
      "KeyName": "JwtSigningKey",
      "KeyType": "RSA",
      "KeySize": 2048,
      "RotationIntervalDays": 180,
      "Category": "Signing"
    }
  ]
}

Asymmetric Keys

// Sign data
var signature = await _asymmetricOps.SignAsync(
    "JwtSigningKey",
    data,
    HashAlgorithmName.SHA256);

// Verify signature
var isValid = await _asymmetricOps.VerifyAsync(
    "JwtSigningKey",
    data,
    signature,
    HashAlgorithmName.SHA256);

// Get public key for external use
var publicKeyPem = await _asymmetricOps.GetPublicKeyPemAsync("JwtSigningKey");

Performance

Operation Mean Notes
RetrieveKey (cached) < 1 μs L1 cache hit
RetrieveKey (cache miss) ~12 ms Database + storage
Sign (RSA-2048) ~1.2 ms
Verify (RSA-2048) ~0.15 ms
Sign (ECDSA P-256) ~0.35 ms
Verify (ECDSA P-256) ~0.12 ms

Packages

Package Description
Feedemy.KeyManagement Core library
Feedemy.KeyManagement.Providers.EntityFramework SQL Server persistence
Feedemy.KeyManagement.Providers.Npgsql PostgreSQL persistence
Feedemy.KeyManagement.Providers.Sqlite SQLite persistence (dev/testing)
Feedemy.KeyManagement.Analyzers Roslyn analyzers

Documentation

Detailed documentation available in docs/partial/:

  • README_CORE.md - API reference
  • README_CONFIG.md - Configuration options
  • README_STORAGE.md - Storage providers
  • README_PERSISTENCE.md - Database setup
  • README_CACHE.md - Caching architecture
  • README_INIT.md - Initialization guide
  • README_BACKGROUND.md - Background services
  • README_EXTENSIONS.md - DI setup

License

This project is dual-licensed:

Use Case License Cost
Personal projects MIT Free
Open source projects MIT Free
Commercial products MIT Free
Enterprise support & SLA Commercial Paid

Commercial inquiries: licensing@feedemy.com

Support

Copyright (c) 2025 Feedemy

Product Compatible and additional computed target framework versions.
.NET net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (3)

Showing the top 3 NuGet packages that depend on Feedemy.KeyManagement:

Package Downloads
Feedemy.KeyManagement.Providers.Npgsql

PostgreSQL (Npgsql) persistence provider for Feedemy.KeyManagement. Provides PostgreSQL storage for key metadata, versions, and audit logs with migrations support. Platform-independent alternative to SQL Server.
Feedemy.KeyManagement.Providers.EntityFramework

Entity Framework Core persistence provider for Feedemy.KeyManagement. Provides SQL Server storage for key metadata, versions, and audit logs with migrations support. Fully tested with 56/56 integration tests passing.
Feedemy.KeyManagement.Providers.Sqlite

SQLite persistence provider for Feedemy.KeyManagement. Provides lightweight, file-based storage for key metadata, versions, and audit logs. Ideal for development, testing, and single-server deployments.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
3.1.0 84 3/9/2026
3.0.6 73 3/9/2026
3.0.5 90 3/9/2026
3.0.4 80 3/9/2026
3.0.3 111 3/9/2026
3.0.2 99 3/9/2026
3.0.1 110 2/27/2026
2.5.10 230 1/21/2026
2.5.9 154 1/10/2026
2.5.8 106 1/10/2026
2.5.7 104 1/9/2026
2.5.6 101 1/9/2026
2.5.5 132 1/6/2026
2.5.4 133 1/4/2026 2.5.4 is deprecated because it has critical bugs.
2.5.3 239 1/3/2026 2.5.3 is deprecated because it has critical bugs.
2.5.2 1,424 12/1/2025 2.5.2 is deprecated because it has critical bugs.
2.5.1 1,051 12/1/2025 2.5.1 is deprecated because it is no longer maintained and has critical bugs.
2.5.0 1,043 12/1/2025 2.5.0 is deprecated because it is no longer maintained and has critical bugs.

v2.5.3 - Performance Optimizations and Bug Fixes

PERFORMANCE:
- Cache stampede protection with per-key locking (100 requests = 1 storage call)
- Removed global lock from KeyStorageCoordinator (~10x throughput improvement)
- Telemetry optimization - 50% reduction in trace spam

NEW FEATURES:
- SQLite persistence provider (Feedemy.KeyManagement.Providers.Sqlite)
- DatabaseMigrator implements IDatabaseMigrationRunner interface

BUG FIXES:
- Fixed NullCacheProvider.ExecuteOnceAsync not executing action
- Fixed key rotation failing silently when caching disabled

REMOVED:
- CacheWarmingService (was placeholder) - use IKeyCacheWarmer.WarmCriticalKeysAsync() directly

TESTS: 505/505 passing (100%)