Note

This guide applies to Steeltoe v3. Please open an issue if you'd like to help update the content for Steeltoe v4.

Using Cloud Security with a Redis Cache for key ring store

This tutorial takes you through setting up a .NET Core application that stores the master keys it uses to protect payloads in an external Redis cache. Learn more about ASP.NET data protection here.

Note

For more detailed examples, please refer to the RedisDataProtectionKeyStore project in the Steeltoe Samples Repository.

First, start a Redis instance. Using the Steeltoe dockerfile, start a local instance of RedisStore.

docker run --publish 6379:6379 steeltoeoss/redis

Next, create a .NET Core WebAPI that uses Redis for key storage:

  1. Create a new ASP.NET Core WebAPI app with the Steeltoe Initializr

  2. Name the project "RedisKeyRingExample"

  3. Add the "Redis" dependency

  4. Click Generate to download a zip containing the new project

  5. Extract the zipped project and open in your IDE of choice

  6. Set the Redis multiplexer and DataProtection in Startup.cs

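    using Microsoft.AspNetCore.DataProtection;       // SetApplicationName
    using Microsoft.Extensions.Configuration;        // IConfiguration
    using Microsoft.Extensions.DependencyInjection;  // IServiceCollection, AddDataProtection
    using Steeltoe.CloudFoundry.Connector.Redis;     // AddRedisConnectionMultiplexer
    using Steeltoe.Security.DataProtection;          // PersistKeysToRedis
    
    public class Startup {
      public IConfiguration Configuration { get; private set; }
      public Startup(IConfiguration configuration) {
        Configuration = configuration;
      }
    
      public void ConfigureServices(IServiceCollection services) {
        // Add StackExchange ConnectionMultiplexer configured from Cloud Foundry
        services.AddRedisConnectionMultiplexer(Configuration);
    
        // Add DataProtection and persist keys to Redis service.
        // Every instance must set the same application name to read the others' payloads.
        services.AddDataProtection()
          .PersistKeysToRedis()
          .SetApplicationName("Some Name");
    
        // Add framework services.
        services.AddMvc();
      }
    }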
    

Run the application

dotnet run --project <PATH_TO>\RedisKeyRingExample.csproj

Navigate to the endpoint (you may need to change the port number) http://localhost:5000/api/values

That's it! Now you can run multiple instances of your application and they will all share the same master key for encrypting their payloads.
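To see the shared key ring at work, the console program below is an added example, not code from the Steeltoe docs or samples. It uses Microsoft's `PersistKeysToStackExchangeRedis` in place of Steeltoe's `PersistKeysToRedis()` so that it runs without Cloud Foundry configuration, and it shows that application name, not just the key ring, decides who can read a payload. It assumes the Redis container from the first step is listening on localhost:6379; `KeyRingDemo`, the Redis key name, the purpose string and the payload are constructed for illustration.

```csharp
// Needs NuGet packages: Microsoft.AspNetCore.DataProtection.StackExchangeRedis, StackExchange.Redis
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using StackExchange.Redis;

public static class KeyRingDemo
{
    // Builds an isolated DI container, standing in for one running app instance.
    static IDataProtector NewInstance(IConnectionMultiplexer redis, string appName)
    {
        var services = new ServiceCollection();
        services.AddDataProtection()
            // Microsoft's Redis key store, swapped in for Steeltoe's PersistKeysToRedis()
            .PersistKeysToStackExchangeRedis(redis, "DataProtection-Keys-Demo") // constructed key name
            .SetApplicationName(appName);
        return services.BuildServiceProvider()
            .GetRequiredService<IDataProtectionProvider>()
            .CreateProtector("KeyRingDemo.v1"); // hypothetical purpose string
    }

    public static void Main()
    {
        using var redis = ConnectionMultiplexer.Connect("localhost:6379");

        var instanceA = NewInstance(redis, "Some Name");
        var instanceB = NewInstance(redis, "Some Name");
        var otherApp  = NewInstance(redis, "Other Name");

        string token = instanceA.Protect("session=alice"); // constructed sample payload

        // Same key ring and same application name: B reads what A wrote.
        Console.WriteLine($"instance B: {instanceB.Unprotect(token)}");

        // Same key ring, different application name: the payload is rejected.
        try
        {
            otherApp.Unprotect(token);
            Console.WriteLine("other app: unexpectedly succeeded");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("other app: rejected (application name mismatch)");
        }
    }
}
```

Anything that can read the Redis key holding the key ring can recover the master keys, so the Redis instance needs the same access controls as any other secret store.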