IdentityShroud/IdentityShroud.Core/Model/RealmKey.cs

using System.ComponentModel.DataAnnotations.Schema;
using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Security;
using Microsoft.EntityFrameworkCore;

namespace IdentityShroud.Core.Model;


[Table("realm_key")]
public record RealmKey
{
    public required Guid Id { get; init; }
    public required string KeyType { get; init; }

    
    public required EncryptedDek Key { get; init; }
    public required DateTime CreatedAt { get; init; }
    public DateTime? RevokedAt { get; set; }

    /// <summary>
    /// Key with highest priority will be used. While there is not really a use case for this I know some users
    /// are more comfortable replacing keys by using priority then directly deactivating the old key.
    /// </summary>
    public int Priority { get; set; } = 10;
    

}
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`using System.ComponentModel.DataAnnotations.Schema;`
Support rotation of master key. The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet) 2026-02-24 06:32:58 +01:00			`using IdentityShroud.Core.Contracts;`
Encrypt realm data with dek which is encrypted with kek. The signing keys are also encrypted with the kek. 2026-02-26 16:53:02 +01:00			`using IdentityShroud.Core.Security;`
Support rotation of master key. The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet) 2026-02-24 06:32:58 +01:00			`using Microsoft.EntityFrameworkCore;`
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00
			`namespace IdentityShroud.Core.Model;`


			`[Table("realm_key")]`
Support rotation of master key. The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet) 2026-02-24 06:32:58 +01:00			`public record RealmKey`
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`{`
Support rotation of master key. The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet) 2026-02-24 06:32:58 +01:00			`public required Guid Id { get; init; }`
			`public required string KeyType { get; init; }`


Encrypt realm data with dek which is encrypted with kek. The signing keys are also encrypted with the kek. 2026-02-26 16:53:02 +01:00			`public required EncryptedDek Key { get; init; }`
Support rotation of master key. The EncryptionService now loads a set of keys and uses the active one to encrypt and selects key based on keyid during decryption. Introduced EncryptedValue to hold keyId and encrypted data. (There are no intermeddiate keys yet) 2026-02-24 06:32:58 +01:00			`public required DateTime CreatedAt { get; init; }`
WIP making ClientCreate endpoint 2026-02-20 17:35:38 +01:00			`public DateTime? RevokedAt { get; set; }`

			`/// <summary>`
			`/// Key with highest priority will be used. While there is not really a use case for this I know some users`
			`/// are more comfortable replacing keys by using priority then directly deactivating the old key.`
			`/// </summary>`
			`public int Priority { get; set; } = 10;`


			`}`