Woof.Config
5.5.0
Prefix Reserved
See the version list below for details.
dotnet add package Woof.Config --version 5.5.0
NuGet\Install-Package Woof.Config -Version 5.5.0
<PackageReference Include="Woof.Config" Version="5.5.0" />
paket add Woof.Config --version 5.5.0
#r "nuget: Woof.Config, 5.5.0"
// Install Woof.Config as a Cake Addin #addin nuget:?package=Woof.Config&version=5.5.0 // Install Woof.Config as a Cake Tool #tool nuget:?package=Woof.Config&version=5.5.0
Woof.Config
.NET extension created by CodeDog
Distributed under MIT License. (c)2021 by CodeDog, All rights reserved.
About
This is an extension for Microsoft.Extensions.Configuration.IConfiguration
that reads and writes JSON configuration files.
For Linux they should be placed in the same directory as the entry assembly.
For Windows the configuration files should be placed in the user's local application data subfolder.
The Windows installer should use a folder for configuration files as follows:
[LocalAppDataFolder]\[Manufacturer]\[ProductName]
.
This is absolutely required if the data protection is used for Windows. It ensures that the each user will have a separate configuration. Per-user installation is also required for the data protection.
The configuration can be read using IConfiguration
interface
methods, or bound to an object property via
Microsoft.Extensions.Configuration.ConfigurationBinder.Bind
method.
It can also read some sensitive configuration data from Azure Key Vault.
The default name for the configuration file is the main assembly name with ".json" extenstion.
The access to the configuration file can be restricted with data
protection. When DataProtectionScope
is provided in the constructor,
the configuration will be encrypted on first read, the plain text file
will be deleted.
On linux, the application key will be created in:
- /etc/dotnet/dpapi directory for
DataProtectionScope.LocalMachine
, - ~/.net/dpapi directory for
DataProtectionScope.CurrentUser
.
The correct directories will be used even when run with sudo
.
The access to the protection keys will be restricted to owner user
and group.
Use DPAPI.RestrictAccess(user, group)
to make keys accessible exclusively to
the specified user and group.
Configuration is writeable (use Write()
method).
Also values can be set with IConfiguration.SetValue()
method.
The configuration files can be protected with DPAPI module.
On Linux, if the key directory is not set explicitly, it will be set
with DPAPI.AutoConfigure()
method.
On Windows specifying DataProtectionScope
in constructors will make
the configuration protected, that is encrypted in the specified protection scope.
Usage
Create JSON configuration file in main project directory, set its CopyToOutputDirectory
like
<None Update="Config.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</None>
Optionally, for a different configuration for the DEBUG mode, create another file like
<None Update="Config.dev.json">
<CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
</None>
Create the IConfiguration
instance like
var config = new JsonConfig("Config");
Optionally bind the config
instance to configuration object instance with Bind
method,
see included test project for further details.
To use AKV access, create similar Access.json file in main project directory:
{
"VaultUri": "[paste your vault URI here]",
"DirectoryId": "[paste your directory ID here]",
"ApplicationId": "[paste your application ID here]",
"ClientSecret": "[paste your client secret here]"
}
Create instance of the AccessData
data with:
var accessData = new AccessData("Access");
Now you can read configured secrets for the application, also, encrypt and decrypt sensitive data using keys defined as secrets in AKV.
See the XML documentation of the AccessData
class for details.
IMPORTANT: Since the configuration file contains client secret - it is sensitive and when put on a server the access to the file must be restricted!
Such configuration should be created with
DataProtectionScope.LocalMachine
to encrypt it.
Also use DPAPI.RestrictAccess()
to make the protection keys
readable only to the authorized user and group. This will make the
protected data accessible only for authorized users.
When revoking client access is needed, it can be done from the AKV level, without touching the application.
Using credentials encryption provided in this module allows to achieve a kind of DPAPI equivalent on Linux servers. All credentials in application database are encrypted and the keys are stored on AKV. Important thing is when the AKV key is lost - the encrypted credentials will not be readable anymore, so on production environments the encryption keys must be backed up.
Compatibility
The package is compatible with .NET 5.0 or newer. The applications using the module can run both on Windows and Linux. For different systems different protection mechanisms are used. For plain configurations this class works identical on both systems.
This package was thoroughly tested on Windows 11 and Ubuntu 20.
Disclaimer
Please report any issues on GitHub.
Woof Toolkit is a work in progress in constant development, however it's carefully maintained with production code quality.
Product | Versions Compatible and additional computed target framework versions. |
---|---|
.NET | net5.0 is compatible. net5.0-windows was computed. net6.0 was computed. net6.0-android was computed. net6.0-ios was computed. net6.0-maccatalyst was computed. net6.0-macos was computed. net6.0-tvos was computed. net6.0-windows was computed. net7.0 was computed. net7.0-android was computed. net7.0-ios was computed. net7.0-maccatalyst was computed. net7.0-macos was computed. net7.0-tvos was computed. net7.0-windows was computed. net8.0 was computed. net8.0-android was computed. net8.0-browser was computed. net8.0-ios was computed. net8.0-maccatalyst was computed. net8.0-macos was computed. net8.0-tvos was computed. net8.0-windows was computed. |
-
net5.0
- Azure.Identity (>= 1.5.0)
- Azure.Security.KeyVault.Secrets (>= 4.2.0)
- Microsoft.AspNetCore.DataProtection.Extensions (>= 5.0.11)
- Microsoft.Extensions.Configuration.Binder (>= 5.0.0)
- Microsoft.Extensions.Configuration.Json (>= 5.0.0)
- Newtonsoft.Json (>= 13.0.1)
- Woof.Assembly (>= 5.0.1)
- Woof.LinuxAdmin (>= 5.1.1)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
Version | Downloads | Last updated | |
---|---|---|---|
6.2.0-alpha.4 | 156 | 11/30/2021 | |
6.2.0-alpha.3 | 141 | 11/30/2021 | |
6.2.0-alpha.2 | 149 | 11/30/2021 | |
6.2.0-alpha.1 | 150 | 11/30/2021 | |
6.1.3 | 1,412 | 11/28/2021 | |
6.1.2 | 277 | 11/27/2021 | |
6.1.1 | 2,345 | 11/25/2021 | |
6.1.0 | 3,353 | 11/25/2021 | |
6.0.2 | 4,850 | 11/24/2021 | |
6.0.1 | 284 | 11/17/2021 | |
6.0.0 | 296 | 11/9/2021 | |
5.5.3 | 329 | 11/8/2021 | |
5.5.2 | 307 | 11/7/2021 | |
5.5.1 | 307 | 11/7/2021 | |
5.5.0 | 397 | 11/7/2021 | |
5.4.0 | 313 | 11/5/2021 | |
5.2.1 | 423 | 10/25/2021 | |
5.2.0 | 464 | 10/13/2021 | |
5.1.0 | 469 | 10/12/2021 | |
5.0.2 | 478 | 9/29/2021 | |
5.0.1 | 426 | 8/19/2021 | |
5.0.0 | 440 | 8/19/2021 | |
1.0.0 | 484 | 7/29/2021 |
FIX: Windows configuration directory moved to local app data folder.