Feature suggestion: Foundatio component for key vaults about foundatio HOT 9 OPEN

You would need to be willing to take ownership and submit a few implementations. Is that ok?

absolutely :-) I don't think this should be very complicated. For one of our use cases, I'd really like to support local and windows secret management, so I'll need to do a bit more digging there to make sure that we can have a similar API to the Azure KV.

from foundatio.

Isn't that what the .NET config is for?

from foundatio.

with the .net config you can read local secrets and read values from key vault but it is not ideal for writing/saving secrets or ensuring that a value is in a secret storage and no way to manage any expiry of a secret. In these scenarios, you are forced to use the native APIs for key vault or equivalents.

from foundatio.

So you are actually looking for secret management, not so much just getting secrets since .NET config has implementations for all of those secret services you've mentioned. Is that correct?

from foundatio.

correct - secret management

from foundatio.

Ok, it's not something I have a lot of familiarity with. I've just typically imported secret config. If you want to give me an idea of what the abstraction would look like then we can discuss more. You would need to be willing to take ownership and submit a few implementations. Is that ok?

from foundatio.

I'm just curious in the scenarios you think this would be used. From my very limited experience, a team or policy would control or rotate keys / secrets and this wouldn't be done from an application.

from foundatio.

@niemyjski - we have plenty of use cases recently. Anything that has some dynamic infrastructure, esp if the app needs to manage any user secret (e.g. external storage account, database, etc.).

Ideally the static application settings should be managed by terraform/policy but everything that is provided by the user is better stored in a managed encrypted store. We have built apps that provisions user storage accounts and connect to user provided storage accounts - and these need a way for the application to access secure stores.

from foundatio.

https://github.com/sebastiean/volt https://twitter.com/davidfowl/status/1783732990251815165

from foundatio.