Key Management
This guide explains how to manage encryption keys.
Best Practices
- Never store keys in plain text in source code, configuration files, container images, or logs; anything that has been committed to version control should be treated as already exposed
- Load keys at runtime from a secrets manager (Azure Key Vault, AWS Secrets Manager) using a workload identity, so the key material never sits on disk next to the application; where the provider offers HSM-backed key operations, prefer those over exporting the raw key
- Rotate keys on a fixed schedule and immediately after any suspected compromise, keeping the previous version available long enough to re-encrypt existing data
- Use separate keys (ideally separate vaults and identities) for test and production, so a leaked test key can never decrypt production data
Secure Storage
// Example with Azure Key Vault
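public class KeyVaultKeyManager
{
    private readonly SecretClient _client;

    /// <summary>
    /// Creates a manager that reads key material from the Azure Key Vault at <paramref name="vaultUri"/>.
    /// Authentication uses <see cref="DefaultAzureCredential"/>, which probes a chain of credential sources
    /// (environment variables, managed identity, developer tooling, ...). NOTE(review): in production consider
    /// pinning the credential to the one you intend (e.g. a managed identity) so an unexpected source in the
    /// chain is never used to reach the vault.
    /// </summary>
    /// <param name="vaultUri">Absolute URI of the vault, e.g. <c>https://myvault.vault.azure.net/</c>.</param>
    /// <exception cref="ArgumentException">
    /// Thrown when <paramref name="vaultUri"/> is null, empty or whitespace.
    /// </exception>
    /// <exception cref="UriFormatException">
    /// Thrown by <see cref="Uri"/> when <paramref name="vaultUri"/> is not a well-formed absolute URI.
    /// </exception>
    public KeyVaultKeyManager(string vaultUri)
    {
        // Fail fast with a clear message rather than letting new Uri(null) surface an opaque exception.
        if (string.IsNullOrWhiteSpace(vaultUri))
        {
            throw new ArgumentException("A Key Vault URI is required.", nameof(vaultUri));
        }

        _client = new SecretClient(new Uri(vaultUri), new DefaultAzureCredential());
    }

    /// <summary>
    /// Fetches the secrets named <c>{keyName}-key</c> and <c>{keyName}-iv</c> and returns their values
    /// exactly as stored (no base64 validation is performed here). Each call makes two round trips to the
    /// vault; cache the result if this is invoked per request.
    /// </summary>
    /// <param name="keyName">Logical key name from which the two vault secret names are derived.</param>
    /// <param name="cancellationToken">Cancels the underlying vault requests.</param>
    /// <returns>A <see cref="Keys"/> whose <c>Base64Key</c> and <c>Base64IV</c> hold the raw secret values.</returns>
    /// <exception cref="ArgumentException">
    /// Thrown when <paramref name="keyName"/> is null, empty or whitespace.
    /// </exception>
    /// <remarks>
    /// Failures from the SDK (for example a missing secret or denied access) propagate unchanged.
    ///
    /// SECURITY (review): the IV is read from a long-lived secret, so every call returns the same IV for a
    /// given key. A caller that encrypts with the returned <c>Base64IV</c> as-is therefore reuses the same
    /// (key, IV) pair across messages: with CBC this reveals which plaintexts share a common prefix, and with
    /// GCM/CTR it breaks both confidentiality and integrity. An IV does not need to be secret; generate a fresh
    /// one per encryption with <c>RandomNumberGenerator</c> and store it alongside the ciphertext. The
    /// <c>-iv</c> secret is still read here only to honour the existing <see cref="Keys"/> contract.
    /// </remarks>
    public async Task<Keys> GetEncryptionKeys(string keyName, CancellationToken cancellationToken = default)
    {
        if (string.IsNullOrWhiteSpace(keyName))
        {
            throw new ArgumentException("A key name is required.", nameof(keyName));
        }

        // The key and IV are stored as two separate secrets under a naming convention.
        var keySecret = await _client.GetSecretAsync($"{keyName}-key", cancellationToken: cancellationToken);
        var ivSecret = await _client.GetSecretAsync($"{keyName}-iv", cancellationToken: cancellationToken);

        // Response<KeyVaultSecret>.Value is the secret object; its .Value is the stored string.
        return new Keys
        {
            Base64Key = keySecret.Value.Value,
            Base64IV = ivSecret.Value.Value
        };
    }
}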