Korjn.EncryptedStorage 9.0.2

.NET 9.0 This package targets .NET 9.0. The package is compatible with this framework or higher. 
dotnet add package Korjn.EncryptedStorage --version 9.0.2
                    


                    

                
NuGet\Install-Package Korjn.EncryptedStorage -Version 9.0.2
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="Korjn.EncryptedStorage" Version="9.0.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="Korjn.EncryptedStorage" Version="9.0.2" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="Korjn.EncryptedStorage" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add Korjn.EncryptedStorage --version 9.0.2
                    


                    

                
#r "nuget: Korjn.EncryptedStorage, 9.0.2"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#addin nuget:?package=Korjn.EncryptedStorage&version=9.0.2
                    


                            Install Korjn.EncryptedStorage as a Cake Addin
                        

                    

                
#tool nuget:?package=Korjn.EncryptedStorage&version=9.0.2
                    


                            Install Korjn.EncryptedStorage as a Cake Tool

Korjn.EncryptedStorage

🔐 A lightweight and extensible .NET library for securely loading and decrypting configuration objects from various storage backends using Microsoft.AspNetCore.DataProtection.

Includes built-in support for JSON file-based encrypted storage and is designed for future extension (memory, vaults, blobs, etc.).

✨ Features

  • 🔒 Encrypts sensitive fields using ASP.NET Core Data Protection API
  • 🧩 Attribute-based encryption ([Encrypted])
  • 📄 JSON file storage with auto-update on first encryption
  • 💡 Built-in support for credentials via ICredentialJsonFileProvider
  • 🔧 IOptions, named configuration, DI and snapshot support
  • 🧱 Ready for extensible storage backends (file, memory, secrets, cloud vaults)

📦 Installation

dotnet add package Korjn.EncryptedStorage

🚀 Quick Start

1. Define your model

public record Credential
{
    public string? UserName { get; init; }

    [Encrypted]
    public string? Password { get; internal set; }
}

2. Create your credential file (db.cred.json)

{
  "UserName": "admin",
  "Password": "admin123"
}

3. Register in Program.cs

builder.Services.AddCredentialJsonFileProvider(options =>
{
    options.FilePath = "db.cred.json";
    options.Purpose = "MyApp/Credentials";
});

4. Inject and use

public class MyService
{
    private readonly ICredentialJsonFileProvider provider;

    public MyService(ICredentialJsonFileProvider provider)
    {
        this.provider = provider;
    }

    public void Login()
    {
        var cred = provider.Load();
        Console.WriteLine($"User: {cred.UserName}, Password: {cred.Password}");
    }
}

⚙️ Configuration Options

Property Description Required
FilePath Path to the JSON file
Purpose Data protection purpose string
SignatureMarker Optional marker used to identify encrypted values

Default SignatureMarker is "2x2". Encrypted strings will be prefixed with its Base64 value (e.g. Mnh2).

💡 Advanced: Generic Usage

You can also use the generic version of the provider with any model:

builder.Services.AddEncryptedJsonFileProvider<ApiSecret>("MyApi", options =>
{
    options.FilePath = "secrets.json";
    options.Purpose = "MyApp/Secrets";
});

public record ApiSecret
{
    public string? Name { get; init; }

    [Encrypted]
    public string? ApiKey { get; set; }
}

Then inject:

public class ApiService
{
    private readonly IEncryptedJsonFileProvider<ApiSecret> provider;

    public ApiService(IEncryptedJsonFileProvider<ApiSecret> provider)
    {
        this.provider = provider;
    }

    public void Use()
    {
        var secret = provider.Load();
        Console.WriteLine($"Using {secret.Name}: {secret.ApiKey}");
    }
}

🔐 How Encryption Works

  • Fields marked with [Encrypted] are encrypted using IDataProtector.
  • Encrypted strings are prefixed with a signature (e.g., Mnh2...) to prevent double encryption.
  • If a field is not encrypted yet, it will be encrypted on first read and the file will be updated.

📘 Interfaces

public interface IEncryptedJsonFileProvider<T>
{
    T Load();
}

public interface ICredentialJsonFileProvider
{
    Credential Load();
}

🛡️ Security Notes

  • Only string properties are supported for encryption.
  • File is updated in-place only once when new encrypted values are introduced.
  • Ensure Purpose is unique per use-case to isolate encrypted scopes.

📄 License

MIT © Korjn

Korjn.EncryptedStorage

🔐 A lightweight and extensible .NET library for securely loading and decrypting configuration objects from various storage backends using Microsoft.AspNetCore.DataProtection.

Includes built-in support for JSON file-based encrypted storage and is designed for future extension (memory, vaults, blobs, etc.).

✨ Features

  • 🔒 Encrypts sensitive fields using ASP.NET Core Data Protection API
  • 🧩 Attribute-based encryption ([Encrypted])
  • 📄 JSON file storage with auto-update on first encryption
  • 💡 Built-in support for credentials via ICredentialJsonFileProvider
  • 🔧 IOptions, named configuration, DI and snapshot support
  • 🧱 Ready for extensible storage backends (file, memory, secrets, cloud vaults)

📦 Installation

dotnet add package Korjn.EncryptedStorage

🚀 Quick Start

1. Define your model

public record Credential
{
    public string? UserName { get; init; }

    [Encrypted]
    public string? Password { get; internal set; }
}

2. Create your credential file (db.cred.json)

{
  "UserName": "admin",
  "Password": "admin123"
}

3. Register in Program.cs

builder.Services.AddCredentialJsonFileProvider(options =>
{
    options.FilePath = "db.cred.json";
    options.Purpose = "MyApp/Credentials";
});

4. Inject and use

public class MyService
{
    private readonly ICredentialJsonFileProvider provider;

    public MyService(ICredentialJsonFileProvider provider)
    {
        this.provider = provider;
    }

    public void Login()
    {
        var cred = provider.Load();
        Console.WriteLine($"User: {cred.UserName}, Password: {cred.Password}");
    }
}

⚙️ Configuration Options

Property Description Required
FilePath Path to the JSON file
Purpose Data protection purpose string
SignatureMarker Optional marker used to identify encrypted values

Default SignatureMarker is "2x2". Encrypted strings will be prefixed with its Base64 value (e.g. Mnh2).

💡 Advanced: Generic Usage

You can also use the generic version of the provider with any model:

builder.Services.AddEncryptedJsonFileProvider<ApiSecret>("MyApi", options =>
{
    options.FilePath = "secrets.json";
    options.Purpose = "MyApp/Secrets";
});

public record ApiSecret
{
    public string? Name { get; init; }

    [Encrypted]
    public string? ApiKey { get; set; }
}

Then inject:

public class ApiService
{
    private readonly IEncryptedJsonFileProvider<ApiSecret> provider;

    public ApiService(IEncryptedJsonFileProvider<ApiSecret> provider)
    {
        this.provider = provider;
    }

    public void Use()
    {
        var secret = provider.Load();
        Console.WriteLine($"Using {secret.Name}: {secret.ApiKey}");
    }
}

🔐 How Encryption Works

  • Fields marked with [Encrypted] are encrypted using IDataProtector.
  • Encrypted strings are prefixed with a signature (e.g., Mnh2...) to prevent double encryption.
  • If a field is not encrypted yet, it will be encrypted on first read and the file will be updated.

📘 Interfaces

public interface IEncryptedJsonFileProvider<T>
{
    T Load();
}

public interface ICredentialJsonFileProvider
{
    Credential Load();
}

🛡️ Security Notes

  • Only string properties are supported for encryption.
  • File is updated in-place only once when new encrypted values are introduced.
  • Ensure Purpose is unique per use-case to isolate encrypted scopes.

📄 License

MIT © Korjn

Product Compatible and additional computed target framework versions.
.NET net9.0 is compatible.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last updated
9.0.2 187 4/17/2025
9.0.1 154 4/9/2025
9.0.0 155 4/7/2025