SecretPropertys 1.0.0
dotnet add package SecretPropertys --version 1.0.0
NuGet\Install-Package SecretPropertys -Version 1.0.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.
<PackageReference Include="SecretPropertys" Version="1.0.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package.
<PackageVersion Include="SecretPropertys" Version="1.0.0" />
<PackageReference Include="SecretPropertys" />
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.
paket add SecretPropertys --version 1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
#r "nuget: SecretPropertys, 1.0.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.
#addin nuget:?package=SecretPropertys&version=1.0.0
#tool nuget:?package=SecretPropertys&version=1.0.0
The NuGet Team does not provide support for this client. Please contact its maintainers for support.
SecretPropertys
SecretPropertys is a powerful .NET NuGet package that secures your sensitive information (API keys, connection strings, passwords) in C# applications using Roslyn source generators. It automatically obfuscates secrets at build time, preventing clear text secrets from appearing in your compiled output or being discoverable through decompilation.
✨ Features
- Strong Encryption: Uses AES-256 encryption with assembly-specific keys to protect your secrets
- Simple Integration: Mark properties with
[BuildSecret]attribute to identify values that should be secured - Compile-Time Protection: Encrypts secrets during the build process - no clear text in compiled assemblies
- Anti-Tampering: HMAC verification to detect and prevent modification of obfuscated secrets
- Decompiler Protection: Runtime checks to detect when code is running in a decompiler
- Build-Time Configuration: Supply secrets via command-line parameters or project files
- Zero Runtime Dependencies: All decryption code is generated inline - no external packages required
- Comprehensive Diagnostics: Detailed build-time messages when secrets are missing or invalid
🚀 Installation
Install the SecretPropertys NuGet package:
dotnet add package SecretPropertys
Or via the NuGet Package Manager:
Install-Package SecretPropertys
📋 Usage Guide
1. Mark Properties for Secret Handling
using SecretPropertys.Attributes;
// Add the partial keyword to allow the source generator to extend this class
public partial class Configuration
{
[BuildSecret(Key = "ApiKeySecret")]
public static string ApiKey { get; private set; }
[BuildSecret(Key = "ConnectionStringSecret")]
public static string ConnectionString { get; private set; }
}
2. Make Secrets Available During Build
Option 1: Define in Project File (.csproj)
<PropertyGroup>
<ApiKeySecret>your-secret-api-key</ApiKeySecret>
<ConnectionStringSecret>your-connection-string</ConnectionStringSecret>
</PropertyGroup>
<ItemGroup>
<CompilerVisibleProperty Include="ApiKeySecret" />
<CompilerVisibleProperty Include="ConnectionStringSecret" />
</ItemGroup>
Option 2: Supply via Command Line
dotnet build /p:ApiKeySecret=your-secret-api-key /p:ConnectionStringSecret=your-connection-string
3. Use the Secured Properties
At runtime, the properties will be automatically initialized with the decrypted values:
// The secret is automatically decrypted at runtime
Console.WriteLine($"Using API with key: {Configuration.ApiKey}");
🔒 Security Details
SecretPropertys protects your secrets using:
- Layered Encryption: AES-256 encryption using keys derived from assembly metadata
- Key Derivation: PBKDF2 with a high iteration count for deriving encryption keys
- Anti-Tampering: HMAC-SHA256 to verify integrity of the encrypted data
- Anti-Debugging: Runtime integrity checks to detect execution in decompilers
- Dynamic Security: Build-time random salt generation for unique encryption per build
- Fail-Fast Approach: Application termination if secrets are tampered with or decryption fails
⚠️ Important Considerations
- Secrets are protected from decompilation, but they still exist in memory at runtime
- Use access control and proper permissions for build machines/CI systems with access to secrets
- Do not commit secrets directly in project files to source control
- Consider using environment variables or secure CI/CD solutions for production deployments
🧰 Advanced Configuration
Custom Error Handling
Add custom handling when secrets fail to load:
try
{
// Use your secured properties
var api = new ApiClient(Configuration.ApiKey);
}
catch (InvalidOperationException ex) when (ex.Message.Contains("Failed to decrypt secret"))
{
// Handle secret decryption failures
Logger.Error("Secret decryption failed", ex);
Environment.Exit(1);
}
Using with Dependency Injection
public static void ConfigureServices(IServiceCollection services)
{
// Register a configured API client using the secured API key
services.AddSingleton<IApiClient>(sp => new ApiClient(Configuration.ApiKey));
}
📄 License
This project is licensed under the MIT License - see the LICENSE file for details.
🤝 Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
There are no supported framework assets in this package.
Learn more about Target Frameworks and .NET Standard.
-
.NETStandard 2.0
- No dependencies.
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
| Version | Downloads | Last updated |
|---|---|---|
| 1.0.0 | 257 | a month ago |