ProMilesV5.SharedEncryption 0.1.2 

Install-Package ProMilesV5.SharedEncryption -Version 0.1.2
dotnet add package ProMilesV5.SharedEncryption --version 0.1.2
<PackageReference Include="ProMilesV5.SharedEncryption" Version="0.1.2" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
paket add ProMilesV5.SharedEncryption --version 0.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support. 
#r "nuget: ProMilesV5.SharedEncryption, 0.1.2"
#r directive can be used in F# Interactive, C# scripting and .NET Interactive. Copy this into the interactive tool or source code of the script to reference the package. 
// Install ProMilesV5.SharedEncryption as a Cake Addin
#addin nuget:?package=ProMilesV5.SharedEncryption&version=0.1.2

// Install ProMilesV5.SharedEncryption as a Cake Tool
#tool nuget:?package=ProMilesV5.SharedEncryption&version=0.1.2
The NuGet Team does not provide support for this client. Please contact its maintainers for support.

ProMilesV5.SharedEncryption

C# Class Library (.NET 8) for field-level AES-256-GCM encryption/decryption, published as a NuGet package.

Purpose

Consumers call only Encrypt(string) / Decrypt(string). All crypto and key management are internal. Key version caching and rotation are handled inside the library.

Configuration

Read from environment variables only — no appsettings, no consumer configuration.

Variable Description
KeyVaultUri Azure Key Vault URI
KeyName Key name in Key Vault
ManagedIdentityClientId User-Assigned Managed Identity client ID (optional)

When KeyVaultUri is absent, the library uses a DEV ONLY hardcoded fallback key. See Dev Fallback below.

Authentication

DefaultAzureCredential → User-Assigned Managed Identity.

Ciphertext Format

Base64 blob: {keyVersion}:{iv}:{ciphertext}

Public API

  • IEncryptionService: Encrypt(string), Decrypt(string) only.
  • No Key Vault types exposed publicly.

Build

dotnet build

Test

dotnet test

Pack & Push

# Pack (output to ./nupkgs)
dotnet pack -c Release -o ./nupkgs

# Push to NuGet.org
dotnet nuget push ./nupkgs/ProMilesV5.SharedEncryption.*.nupkg --api-key YOUR_API_KEY --source https://api.nuget.org/v3/index.json

# Push to Azure Artifacts (replace feed URL and PAT)
dotnet nuget push ./nupkgs/ProMilesV5.SharedEncryption.*.nupkg --api-key YOUR_PAT --source https://pkgs.dev.azure.com/ORG/PROJECT/_packaging/FEED/nuget/v3/index.json

Usage (after package publish)

<PackageReference Include="ProMilesV5.SharedEncryption" Version="0.1.2" />

// Register and use IEncryptionService
var encrypted = await encryptionService.Encrypt(plaintext);
var decrypted = await encryptionService.Decrypt(encrypted);

Key Dependencies

  • Azure.Security.KeyVault.Keys
  • Azure.Identity
  • System.Security.Cryptography (built-in)

Deployment

Environment variables are injected as Kubernetes Secrets by DevOps/IT. Consuming developers do not set or manage these values.

Variable Set By
KeyVaultUri DevOps (K8s Secret)
KeyName DevOps (K8s Secret)
ManagedIdentityClientId DevOps (K8s Secret)

Dev Fallback

DEV ONLY — When KeyVaultUri is not set, the library uses a baked-in 32-byte AES-256 key. Never use in production.

  • keyVersion sentinel: "dev" — identifies blobs encrypted with the dev key
  • Production safeguard: When Key Vault is configured, decrypting "dev"-versioned blobs throws InvalidOperationException ("Dev-encrypted data cannot be decrypted in a Key Vault environment.") — prevents dev data leaking into production

Development

  • Target: .NET 8.0
  • Nullable and implicit usings enabled

License

© 2026 ProMiles Online. All rights reserved. Internal use only.

NuGet packages

This package is not used by any NuGet packages.

Version Downloads Last updated
0.1.2 0 3/19/2026
0.1.0 0 3/19/2026