Stratara.Security 3.1.4

.NET 10.0

dotnet add package Stratara.Security --version 3.1.4

NuGet\Install-Package Stratara.Security -Version 3.1.4

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Stratara.Security" Version="3.1.4" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Stratara.Security" Version="3.1.4" />
                    

                            Directory.Packages.props

<PackageReference Include="Stratara.Security" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Stratara.Security --version 3.1.4

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Stratara.Security, 3.1.4"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Stratara.Security@3.1.4

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Stratara.Security&version=3.1.4
                    

                            Install as a Cake Addin

#tool nuget:?package=Stratara.Security&version=3.1.4
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Stratara.Security

License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.

Dependency-light key store and envelope encryption for Stratara. Provides a production IKeyStore with KEK-wrapped, versioned per-scope data-encryption keys (rotation, revoke, and crypto-shred), a file-backed master-key provider, and an AES-GCM blob encryptor — referencing only Stratara.Abstractions + BCL crypto. No EF Core, RabbitMQ, Redis, or cloud SDKs in the graph.

Quick start

// appsettings / secrets:
// "Stratara": { "KeyStore": { "MasterKeyBase64": "<openssl rand -base64 32>", "StorePath": "/var/run/secrets/keystore.json" } }

builder.Services.AddStrataraFileKeyStore(builder.Configuration);

// Encrypt a blob bound to a tenant scope + purpose:
var scope = new KeyScope(DataSensitivityLevel.TenantScoped, tenantId: "acme-corp");
await using var encrypted = await encryptor.EncryptAsync(plainStream, scope, purpose: "attachment");
await using var plain = await encryptor.DecryptAsync(encrypted, scope);

What's inside

EnvelopeFileKeyStore (IKeyStore) — random 32-byte DEK per scope/version, KEK-wrapped with AES-256-GCM (wrap AAD bound to the key id, so a wrapped DEK can't be moved to another scope). The store file holds only wrapped DEKs + metadata, never plaintext. RotateAsync adds a version; RevokeAsync makes one version undecryptable; EraseScopeAsync deletes all versions for a scope (GDPR Art. 17 crypto-shred). DEKs are zeroed after use; the store file is written 0600 on Unix.
FileMasterKeyProvider (IMasterKeyProvider) — KEK from MasterKeyBase64, validated to decode to exactly 32 bytes (AES-256) at startup. The custody seam: swap for an HSM / KMS / vault provider later without touching the stored data.
AesGcmSecureBlobEncryptor (ISecureBlobEncryptor) — AES-GCM stream encryption with a purpose-bound AAD ({tenant}||{purpose}) and a versioned, self-describing format (v2 leading byte). Reads legacy streams without the version byte; set Stratara:BlobEncryption:LegacyBlobsCarryPurpose to match the legacy layout.
DummyKeyStore — Development-only deterministic fallback (throws outside Development).

Key id schema

{level}:{tenant}:{user}:v{N} — e.g. TenantScoped:acme-corp::v1. GetOrCreateCurrentKeyAsync returns the highest non-revoked version (creating v1 if none); RotateAsync creates v{N+1}.

Dependencies

Stratara.Abstractions
Stratara.Diagnostics
Microsoft.Extensions.{Configuration,DependencyInjection,Hosting,Logging}.Abstractions
Microsoft.Extensions.Options (+ Options.ConfigurationExtensions)

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- Microsoft.Extensions.Configuration.Abstractions (>= 10.0.8)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Hosting.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Options (>= 10.0.8)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 10.0.8)
- Stratara.Abstractions (>= 3.1.4)
- Stratara.Diagnostics (>= 3.1.4)

NuGet packages (2)

Showing the top 2 NuGet packages that depend on Stratara.Security:

Package	Downloads
Stratara.Infrastructure Infrastructure glue for the Stratara framework — authorization decorators, configuration providers, and DI composition helpers that wire Mediator, Outbox, Identity, and EF Core into a hosted app.	610
Stratara.Testing Test doubles and assertion helpers for applications built on the Stratara framework — an in-memory IKeyStore, an in-memory IMessageBus, a preset ISessionContextProvider, deterministic tenant ids, and a given/when/then aggregate rehydration harness. Drop the Postgres/RabbitMQ testcontainers for unit tests.	175

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
3.1.4	30	6/15/2026
3.1.3	71	6/10/2026
3.1.2	144	6/5/2026
3.1.1	727	6/1/2026
3.1.0	118	5/30/2026

### Added

- **Command-workload isolation (heavy-command lane)** — long-running commands can now be routed to a
dedicated worker lane so they cannot starve interactive commands. Mark a command with the new
`Stratara.Abstractions.Mediator.IHeavyCommand` marker and the `ICommandOutboxDispatcher`
automatically publishes it to a separate heavy-command topic (`IMessagingIdentifier.HeavyCommandTopic` /
`HeavyCommandSubscription`, configurable under `Messaging:HeavyCommand`, defaulting to `heavy-command` /
`heavy-command-subscription`). Run a dedicated heavy-command worker with the new
`services.AddHeavyCommandWorker(degreeOfParallelism?)` extension, or the
`builder.AddHeavyCommandWorkerServices(degreeOfParallelism?)` host composite — in the same process as
the interactive worker (two lanes) or in a separately scaled host. Each worker's degree of parallelism
is configurable per lane. `IMessagingIdentifier` gains `HeavyCommandTopic`, `HeavyCommandSubscription`,
and the `GetCommandTopic(Type)` / `GetCommandSubscription(Type)` routing helpers. The interactive lane
(`AddMediatorWorker()`) is unchanged and remains the default; commands not marked heavy keep their
existing routing. If a heavy command is dispatched while no heavy worker is bound, the publish is
rejected and the command is preserved in the outbox until a heavy-command worker comes online — it is
never dropped. Works over both the RabbitMQ and Azure Service Bus message buses (Azure Service Bus
requires the heavy-command topic/subscription to be provisioned, like the existing command topic). New
log-event ID `105_005` (`CommandWorkerLaneStarted`) in `Stratara.Diagnostics`.
- **Observability metrics across the worker pipeline** (`Stratara.Diagnostics`) — the shared
`Stratara.Service` meter now publishes throughput and latency instruments so operators can see how the
event-sourcing pipeline is behaving instead of flying blind on a single counter. New instruments:
`event_source.events.appended` (counter, tagged by `event.type` / `aggregate.type`),
`outbox.published` (counter, tagged by `outbox.kind` = `command` / `event`), `command.duration`
(histogram, ms, tagged by `request.type` / `outcome`), `projection.events.processed` (counter) +
`projection.bundle.duration` (histogram, ms), `saga.events.processed` (counter) +
`saga.bundle.duration` (histogram, ms), and `saga.inflight` (up/down counter). They are recorded by the
event source, command worker, projection worker, saga worker, and outbox worker respectively. Because
projections and sagas are real-time bus subscribers without a persisted checkpoint, these report
**throughput and latency**, not consumer lag. No configuration is required — point any OpenTelemetry
metrics exporter at the `Stratara.Service` meter.
- **Operational health checks for the event store and outbox** (`Stratara.EventSourcing.EntityFrameworkCore`) —
two opt-in readiness checks added to any `IHealthChecksBuilder`: `AddEventStoreHealthCheck()` verifies
the write-side database is reachable, and `AddOutboxHealthCheck(degradedThreshold?, unhealthyThreshold?)`
reports the pending outbox backlog (exposed under the `pending` data key) and escalates to
`Degraded` / `Unhealthy` when the backlog crosses the supplied thresholds. Both are tagged `ready` by
default (so they map to a readiness endpoint, not liveness) and require the Stratara write store to be
registered. The write-store DbContext is now also resolvable as a scoped `IWriteDbContext` service to
support these checks.
- **Polly-backed mediator resilience behavior** (`Stratara.Resilience`) — an opt-in pipeline behavior
wraps the in-process dispatch of a request marked with the new
`Stratara.Abstractions.Resilience.IResilientRequest` in the named Polly pipeline the request selects
(`ResiliencePipelineName`). Register it with the new `AddStrataraResilienceBehavior()` (after
`AddStrataraValidation()` / `AddStrataraTenantIsolation()` so the retry wraps the handler, not the
guards); requests without the marker are unaffected. A new built-in pipeline
`ResilienceNames.ConcurrencyConflict` retries **only** on
`Stratara.Abstractions.Persistence.ConcurrencyConflictException` (5 attempts, short exponential
backoff) so a handler that re-reads and re-applies on an optimistic-concurrency clash succeeds without
bespoke retry loops; it is registered by `AddResiliencePipelines()` alongside the existing message-bus
and dispatcher pipelines. Only mark handlers that are safe to re-run (idempotent or concurrency-guarded).