
Securely manage and store secrets in the Umbraco backoffice


Umbraco Secret Store



Secret Store allows you to securely manage and store secrets in the Umbraco backoffice.

Values are encrypted and stored in the Umbraco database, with a service for access in code and an admin-only backoffice section to manage them.

Getting started

This package is supported on Umbraco 8.1+.

Installation

Secret Store is available from Our Umbraco, NuGet, or as a manual download directly from GitHub.

Our Umbraco repository

You can find a downloadable package on the Our Umbraco site.

NuGet package repository

To install from NuGet, run the following command in your instance of Visual Studio.

PM> Install-Package Our.Umbraco.SecretStore

Usage

After installation the "Settings" section in the backoffice will show a "Secrets" tree item, where values can be added and removed. Only users with access to the "Settings" section are able to see this option.

For security reasons it is not possible to view secret values in the backoffice, only a list of existing keys and their last updated dates.

To replace the value for an existing key, either:

  • Delete the existing key and add it again with the new value
  • Create a new key with the same name as the existing key - it will replace the existing value

Accessing secrets

To retrieve a secret value in code, inject ISecretService and call GetSecret, like this:

public class ExampleClass
{
    private readonly ISecretService _secretService;

    public ExampleClass(ISecretService secretService)
    {
        _secretService = secretService;
    }

    public void DoSomething()
    {
        // Each call looks the value up in the database
        var secret = _secretService.GetSecret("SomeSecretKey");
    }
}

Each call causes a database lookup, so it is recommended to cache the result or store it within a Singleton lifetime in the DI container.
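
One way to follow that recommendation without serving a stale value after a key is replaced in the backoffice is a singleton wrapper with a short cache lifetime. This is an added example, not code from the Secret Store project: CachedSecretReader, CachedSecretComposer and the five-minute lifetime are hypothetical, and it assumes GetSecret returns a string and that ISecretService can be injected into a singleton.

```csharp
using System;
using System.Collections.Concurrent;
using Umbraco.Core;
using Umbraco.Core.Composing;
// Also import the Secret Store namespace that declares ISecretService (not shown on the page).

// Hypothetical wrapper: caches each secret briefly so repeated reads skip the database,
// while a value replaced in the backoffice is picked up once the entry expires.
public class CachedSecretReader
{
    private sealed class Entry { public string Value; public DateTime ExpiresUtc; }

    private readonly ISecretService _secretService;
    private readonly TimeSpan _ttl = TimeSpan.FromMinutes(5); // assumed tolerance for stale values
    private readonly ConcurrentDictionary<string, Entry> _cache =
        new ConcurrentDictionary<string, Entry>();

    public CachedSecretReader(ISecretService secretService)
    {
        _secretService = secretService;
    }

    public string Get(string key)
    {
        var now = DateTime.UtcNow;
        if (_cache.TryGetValue(key, out var hit) && hit.ExpiresUtc > now)
            return hit.Value;

        // Assumption: GetSecret returns the stored value as a string, or null if the key is missing.
        var value = _secretService.GetSecret(key);
        if (value == null)
            return null; // do not cache a missing key; it may be added later

        _cache[key] = new Entry { Value = value, ExpiresUtc = now + _ttl };
        return value;
    }
}

public class CachedSecretComposer : IUserComposer
{
    public void Compose(Composition composition)
    {
        // One shared instance, so the cache lives for the application lifetime.
        composition.Register<CachedSecretReader>(Lifetime.Singleton);
    }
}
```

The cached value stays in process memory for up to the cache lifetime, so keep that lifetime short for secrets that are replaced from the backoffice.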

Token Provider

By default Secret Store ships with a MachineKeyTokenProvider, which uses the MachineKey.Protect and MachineKey.Unprotect methods from System.Web.Security to secure values.

Implement ITokenProvider to replace this logic with anything desired, such as a different encryption algorithm.

The default ITokenProvider used can be replaced within an Umbraco Composer like this:

public class ExampleComposer : IUserComposer
{
    public void Compose(Composition composition)
    {
        composition.RegisterUnique<ITokenProvider, CustomTokenProvider>();
    }
}

Contribution guidelines

To raise a new bug, create an issue on the GitHub repository. To fix a bug or add new features, fork the repository and send a pull request with your changes. Feel free to add ideas to the repository's issues list if you would like to discuss anything related to the library.

Who do I talk to?

This project is maintained by Callum Whyte and contributors. If you have any questions about the project please get in touch on Twitter, or by raising an issue on GitHub.

Credits

The Secret Store logo uses the Lock icon from the Noun Project by Enjang Solehudin, licensed under CC BY 3.0 US.

License

Copyright © 2022 Callum Whyte, and other contributors

Licensed under the MIT License.