public static void AddKeyManagement( this IServiceCollection services, IConfiguration configuration, ILogger logger) { services.AddSingleton <IKeyManagement>(s => { var provider = configuration.GetValue <string>("KeyManagement:Provider"); logger.Information("Selected KeyManagement: {provider}", provider); switch (provider) { case "AwsKms": return(GetAwsKeyManagement(logger, configuration)); case "GoogleKms": return(GetGoogleCloudKeyManagment(configuration)); case "AzureKeyVault": return(GetAzurKeyVaultKeyManagement(configuration)); case "AESKey": var key = configuration.GetValue <string>("KeyManagement:AES:Key"); if (string.IsNullOrEmpty(key)) { logger.Warning("Random key was created for SymmetricKeyManagement, it might break distributed deployments"); return(new SymmetricKeyManagement(RijndaelUtils.GenerateKey(256))); } return(new SymmetricKeyManagement(Convert.FromBase64String(key))); default: throw new InvalidOperationException($"Unsupported provider type: {provider}"); } }); }
public async Task <string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true) { if (data.Length <= mMaximumDataLength) { return(await mMasterKeyManagement.Encrypt(data, serviceAccountId, createKeyIfMissing)); } mLogger.Information("Encryption data too length, using envelope encryption"); var dataKey = RijndaelUtils.GenerateKey(256); var(encryptedData, iv) = RijndaelUtils.Encrypt(dataKey, Encoding.UTF8.GetBytes(data)); var encryptedDataKey = await mMasterKeyManagement.Encrypt(Convert.ToBase64String(dataKey), serviceAccountId, createKeyIfMissing); return(EnvelopeEncryptionUtils.Wrap(encryptedDataKey, iv, encryptedData)); }