Note
This guide applies to Steeltoe v3. Please open an issue if you'd like to help update the content for Steeltoe v4.
Using Cloud Security with a Redis Cache for key ring store
This tutorial takes you through setting up a .NET Core application that stores its master keys used to protect payloads in an external Redis cache. Learn more about ASP.NET data protection here.
Note
For more detailed examples, please refer to the RedisDataProtectionKeyStore project in the Steeltoe Samples Repository.
First, start a Redis instance. Using the Steeltoe dockerfile, start a local instance of RedisStore.
docker run --publish 6379:6379 steeltoeoss/redis
Next, create a .NET Core WebAPI using redis for key storage
Create a new ASP.NET Core WebAPI app with the Steeltoe Initializr
Name the project "RedisKeyRingExample"
Add the "Redis" dependency
Click Generate to download a zip containing the new project
Extract the zipped project and open in your IDE of choice
Set the Redis multiplexer and DataProtection in Startup.cs
using Steeltoe.CloudFoundry.Connector.Redis; public class Startup { public IConfiguration Configuration { get; private set; } public Startup(IConfiguration configuration) { Configuration = configuration; } public void ConfigureServices(IServiceCollection services) { // Add StackExchange ConnectionMultiplexer configured from Cloud Foundry services.AddRedisConnectionMultiplexer(Configuration); // Add DataProtection and persist keys to Redis service services.AddDataProtection() .PersistKeysToRedis() .SetApplicationName("Some Name"); // Add framework services. services.AddMvc(); } }
Run the application
dotnet run<PATH_TO>\RedisKeyRingExample.csproj
Navigate to the endpoint (you may need to change the port number) http://localhost:5000/api/values
Thats it! Now you can run multiple instances of your application and they will all share the same master key for encrypting its payloads.