5-improve-encrypted-storage (#6)
Added the use of DEKs for encrypting secrets. Both the KEKs and the DEKs are stored so that multiple keys can exist, of which one is active while the others remain available for decrypting. This allows for implementing key rotation. Co-authored-by: eelke <eelke@eelkeklein.nl> Co-authored-by: Eelke76 <31384324+Eelke76@users.noreply.github.com> Reviewed-on: #6
parent
138f335af0
commit
07393f57fc
87 changed files with 1903 additions and 533 deletions
|
|
@ -1,10 +1,10 @@
|
|||
using FluentValidation;
|
||||
using IdentityShroud.Api;
|
||||
using IdentityShroud.Api.Mappers;
|
||||
using IdentityShroud.Api.Validation;
|
||||
using IdentityShroud.Core;
|
||||
using IdentityShroud.Core.Contracts;
|
||||
using IdentityShroud.Core.Security;
|
||||
using IdentityShroud.Core.Security.Keys;
|
||||
using IdentityShroud.Core.Services;
|
||||
using Serilog;
|
||||
using Serilog.Formatting.Json;
|
||||
|
|
@ -36,13 +36,21 @@ void ConfigureBuilder(WebApplicationBuilder builder)
|
|||
// Learn more about configuring OpenAPI at https://aka.ms/aspnet/openapi
|
||||
services.AddOpenApi();
|
||||
services.AddScoped<Db>();
|
||||
services.AddScoped<IClientService, ClientService>();
|
||||
services.AddSingleton<IClock, ClockService>();
|
||||
services.AddSingleton<IDekEncryptionService, DekEncryptionService>();
|
||||
services.AddScoped<IDataEncryptionService, DataEncryptionService>();
|
||||
services.AddScoped<IRealmContext, RealmContext>();
|
||||
services.AddScoped<IKeyProviderFactory, KeyProviderFactory>();
|
||||
services.AddScoped<IKeyService, KeyService>();
|
||||
services.AddScoped<IRealmService, RealmService>();
|
||||
services.AddOptions<DbConfiguration>().Bind(configuration.GetSection("db"));
|
||||
services.AddSingleton<ISecretProvider, ConfigurationSecretProvider>();
|
||||
services.AddSingleton<KeyMapper>();
|
||||
services.AddSingleton<IEncryptionService, EncryptionService>();
|
||||
services.AddScoped<KeyMapper>();
|
||||
services.AddScoped<IRealmContext, RealmContext>();
|
||||
|
||||
services.AddValidatorsFromAssemblyContaining<RealmCreateRequestValidator>();
|
||||
services.AddValidatorsFromAssemblyContaining<RealmCreateRequestValidator>();
|
||||
services.AddHttpContextAccessor();
|
||||
|
||||
builder.Host.UseSerilog((context, services, configuration) => configuration
|
||||
.Enrich.FromLogContext()
|
||||
|
|
@ -57,7 +65,8 @@ void ConfigureApplication(WebApplication app)
|
|||
app.MapOpenApi();
|
||||
}
|
||||
app.UseSerilogRequestLogging();
|
||||
app.MapRealmEndpoints();
|
||||
app.MapApis();
|
||||
|
||||
// app.UseRouting();
|
||||
// app.MapControllers();
|
||||
}
|
||||
|
|
|
|||
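Review bot: In ConfigureBuilder, `services.AddSingleton<IDekEncryptionService, DekEncryptionService>();` sits next to the singleton `ISecretProvider`, so any KEK material the service holds presumably lives for the whole process. The description promises rotation through one active key among several, but this section does not show whether a change of active KEK is picked up without a restart. I would state the intended lifetime on the registration, e.g. `// Singleton: must resolve the active KEK per operation, otherwise rotation only takes effect after a restart`, and cover it with a test. Separately, `services.AddScoped<IRealmContext, RealmContext>();` appears twice in the same hunk; the page has lost its +/- markers, so if both lines are on the new side one of them is redundant. Both ConfigureBuilder and ConfigureApplication continue outside the visible hunks.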