Feedemy.KeyManagement 2.5.7

There is a newer version of this package available.
See the version list below for details.

dotnet add package Feedemy.KeyManagement --version 2.5.7

NuGet\Install-Package Feedemy.KeyManagement -Version 2.5.7

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Feedemy.KeyManagement" Version="2.5.7" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Feedemy.KeyManagement" Version="2.5.7" />
                    

                            Directory.Packages.props

<PackageReference Include="Feedemy.KeyManagement" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Feedemy.KeyManagement --version 2.5.7

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Feedemy.KeyManagement, 2.5.7"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Feedemy.KeyManagement@2.5.7

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Feedemy.KeyManagement&version=2.5.7
                    

                            Install as a Cake Addin

#tool nuget:?package=Feedemy.KeyManagement&version=2.5.7
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Feedemy.KeyManagement

Enterprise-grade key management library for .NET applications.

Features

Automatic Key Rotation - Background service with configurable intervals
Versioned Encryption - Auto-decryption with version detection
Asymmetric Keys - RSA (2048/3072/4096) and ECDSA (P-256/P-384/P-521)
Multi-Platform Storage - Windows DPAPI, Linux Keyring, Azure Key Vault
Distributed Caching - Redis with pub/sub invalidation
Database Persistence - SQL Server, PostgreSQL, and SQLite
Health Monitoring - ASP.NET Core health checks
Fallback Storage - Multi-provider redundancy
Audit Trail - Complete compliance logging
Roslyn Analyzers - 48 compile-time security rules

Installation

dotnet add package Feedemy.KeyManagement

# Persistence (choose one)
dotnet add package Feedemy.KeyManagement.Providers.EntityFramework  # SQL Server
dotnet add package Feedemy.KeyManagement.Providers.Npgsql          # PostgreSQL
dotnet add package Feedemy.KeyManagement.Providers.Sqlite          # SQLite (dev/testing)

# Optional
dotnet add package Feedemy.KeyManagement.Analyzers

Quick Start

Development Setup

using Feedemy.KeyManagement.Extensions;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddKeyManagement(options =>
{
    options.EnableAutoRotation = true;
    options.RotationCheckInterval = TimeSpan.FromHours(6);
    options.DefaultRotationDays = 90;
});

var app = builder.Build();
app.Run();

Production Setup

builder.Services.AddKeyManagement(options =>
{
    options.EnableAutoRotation = true;
    options.RotationCheckInterval = TimeSpan.FromHours(6);

    // Auto-initialization
    options.Initialization.EnableAutoInitialization = true;
    options.Initialization.ExternalKeysJsonPath = "keys.json";
})
.UseAzureKeyVault("https://your-vault.vault.azure.net/")
.UseRedisCache("localhost:6379")
.UseEntityFrameworkPersistence("Server=localhost;Database=KeyManagement;...");

builder.Services.AddHealthChecks()
    .AddKeyManagementHealthCheck();

Basic Usage

public class MyService
{
    private readonly IKeyManagementService _keyService;
    private readonly IKeyManagementAdminService _adminService;

    // Create a key
    public async Task CreateKeyAsync()
    {
        await _adminService.CreateKeyAsync(new CreateKeyRequest
        {
            KeyName = "MyEncryptionKey",
            AutoGenerate = true,
            KeySize = 32,
            RotationIntervalDays = 90,
            CreatedBy = "Admin"
        });
    }

    // Retrieve a key (cached - sub-millisecond)
    public async Task<byte[]> GetKeyAsync()
    {
        return await _keyService.RetrieveKeyAsync("MyEncryptionKey");
    }

    // Check health
    public async Task<KeyHealthStatus> GetHealthAsync()
    {
        var health = await _keyService.GetKeyHealthAsync("MyEncryptionKey");
        return health.Status;
    }
}

Key Initialization

Define keys in keys.json for auto-generation on first run:

{
  "Keys": [
    {
      "KeyName": "EncryptionKey",
      "KeyType": "Symmetric",
      "RotationIntervalDays": 90,
      "Category": "MasterKey"
    },
    {
      "KeyName": "JwtSigningKey",
      "KeyType": "RSA",
      "KeySize": 2048,
      "RotationIntervalDays": 180,
      "Category": "Signing"
    }
  ]
}

Asymmetric Keys

// Sign data
var signature = await _asymmetricOps.SignAsync(
    "JwtSigningKey",
    data,
    HashAlgorithmName.SHA256);

// Verify signature
var isValid = await _asymmetricOps.VerifyAsync(
    "JwtSigningKey",
    data,
    signature,
    HashAlgorithmName.SHA256);

// Get public key for external use
var publicKeyPem = await _asymmetricOps.GetPublicKeyPemAsync("JwtSigningKey");

Performance

Operation	Mean	Notes
RetrieveKey (cached)	< 1 μs	L1 cache hit
RetrieveKey (cache miss)	~12 ms	Database + storage
Sign (RSA-2048)	~1.2 ms
Verify (RSA-2048)	~0.15 ms
Sign (ECDSA P-256)	~0.35 ms
Verify (ECDSA P-256)	~0.12 ms

Packages

Package	Description
`Feedemy.KeyManagement`	Core library
`Feedemy.KeyManagement.Providers.EntityFramework`	SQL Server persistence
`Feedemy.KeyManagement.Providers.Npgsql`	PostgreSQL persistence
`Feedemy.KeyManagement.Providers.Sqlite`	SQLite persistence (dev/testing)
`Feedemy.KeyManagement.Analyzers`	Roslyn analyzers

Documentation

Detailed documentation available in docs/partial/:

README_CORE.md - API reference
README_CONFIG.md - Configuration options
README_STORAGE.md - Storage providers
README_PERSISTENCE.md - Database setup
README_CACHE.md - Caching architecture
README_INIT.md - Initialization guide
README_BACKGROUND.md - Background services
README_EXTENSIONS.md - DI setup

License

This project is dual-licensed:

MIT License - Free for all use cases including commercial
Commercial License - For enterprise support, SLA, and priority features

Use Case	License	Cost
Personal projects	MIT	Free
Open source projects	MIT	Free
Commercial products	MIT	Free
Enterprise support & SLA	Commercial	Paid

Commercial inquiries: licensing@feedemy.com

Support

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- Azure.Identity (>= 1.17.1)
- Azure.Security.KeyVault.Secrets (>= 4.8.0)
- Microsoft.Data.SqlClient (>= 6.1.3)
- Microsoft.Data.Sqlite (>= 10.0.0)
- Microsoft.EntityFrameworkCore.Abstractions (>= 10.0.0)
- Microsoft.Extensions.Caching.Abstractions (>= 10.0.0)
- Microsoft.Extensions.Caching.Memory (>= 10.0.0)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.0)
- Microsoft.Extensions.Diagnostics.HealthChecks (>= 10.0.0)
- Microsoft.Extensions.Hosting.Abstractions (>= 10.0.0)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.0)
- Microsoft.Extensions.Options (>= 10.0.0)
- OpenTelemetry.Api (>= 1.14.0)
- Polly (>= 8.6.5)
- StackExchange.Redis (>= 2.10.1)

NuGet packages (3)

Showing the top 3 NuGet packages that depend on Feedemy.KeyManagement:

Package	Downloads
Feedemy.KeyManagement.Providers.Npgsql PostgreSQL (Npgsql) persistence provider for Feedemy.KeyManagement. Provides PostgreSQL storage for key metadata, versions, and audit logs with migrations support. Platform-independent alternative to SQL Server.	2.3K
Feedemy.KeyManagement.Providers.EntityFramework Entity Framework Core persistence provider for Feedemy.KeyManagement. Provides SQL Server storage for key metadata, versions, and audit logs with migrations support. Fully tested with 56/56 integration tests passing.	2.3K
Feedemy.KeyManagement.Providers.Sqlite SQLite persistence provider for Feedemy.KeyManagement. Provides lightweight, file-based storage for key metadata, versions, and audit logs. Ideal for development, testing, and single-server deployments.	930

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
3.1.0	78	3/9/2026
3.0.6	72	3/9/2026
3.0.5	89	3/9/2026
3.0.4	80	3/9/2026
3.0.3	111	3/9/2026
3.0.2	99	3/9/2026
3.0.1	110	2/27/2026
2.5.10	230	1/21/2026
2.5.9	154	1/10/2026
2.5.8	106	1/10/2026
2.5.7	104	1/9/2026
2.5.6	101	1/9/2026
2.5.5	132	1/6/2026
2.5.4	133	1/4/2026
2.5.3	239	1/3/2026
2.5.2	1,424	12/1/2025
2.5.1	1,050	12/1/2025
2.5.0	1,043	12/1/2025

v2.5.7 - ForceOverride for Initial Keys

NEW FEATURES:
- Added ForceOverride option for external keys JSON initialization
- When forceOverride=true, existing keys get updated with new version instead of being skipped
- Useful for updating key content during redeployments without manual intervention

USAGE:
{
"Keys": [{
   "keyName": "MyKey",
   "initialContent": "newContent",
   "forceOverride": true
}]
}

TESTS: All passing (20/20 KeyInitialization tests)