Skip to content

[C#] AppEncryption v0.10.0

Latest
Latest

Choose a tag to compare

View all tags
@aka-bo aka-bo released this 08 Jan 18:27
· 98 commits to main since this release
csharp/AppEncryption/v0.10.0
2e16fee
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

What's Changed

Major Changes

  • New GoDaddy.Asherah.AppEncryption.PlugIns.Aws package - AWS-specific implementations moved to separate NuGet package for improved modularity and separation of concerns
  • Enhanced KMS configuration - New builder pattern and configuration-based setup with KeyManagementServiceOptions supporting IConfiguration integration and dependency injection
  • OptimizeByRegions() extension method - Runtime KMS region prioritization for multi-region deployments, allowing dynamic optimization based on application deployment region to minimize latency
  • AwsKeyManagementServiceImpl marked obsolete - Legacy implementation deprecated in favor of new KeyManagementService from PlugIns.Aws package

⚠️ Deprecation Notice & Migration ⚠️

The AwsKeyManagementServiceImpl class is now marked [Obsolete] and will be removed in a future release. Applications should migrate to the new KeyManagementService from the GoDaddy.Asherah.AppEncryption.PlugIns.Aws package.

Key Migration Changes

  1. Install new package: GoDaddy.Asherah.AppEncryption.PlugIns.Aws
  2. Update namespace: GoDaddy.Asherah.AppEncryption.KmsGoDaddy.Asherah.AppEncryption.PlugIns.Aws.Kms
  3. Change logger type: ILoggerILoggerFactory
  4. Replace dictionary configuration with builder pattern or configuration-based options

Before (v0.9.0):

using GoDaddy.Asherah.AppEncryption.Kms;

var regionDictionary = new Dictionary<string, string>
{
    { "us-east-1", "arn:aws:kms:us-east-1:123456789012:key/abc" },
    { "us-west-2", "arn:aws:kms:us-west-2:234567890123:key/def" }
};

var kms = AwsKeyManagementServiceImpl.NewBuilder(regionDictionary, "us-east-1")
    .WithCredentials(credentials)
    .WithLogger(logger)
    .Build();

After (v0.10.0):

using GoDaddy.Asherah.AppEncryption.PlugIns.Aws.Kms;

var kms = KeyManagementService.NewBuilder()
    .WithLoggerFactory(loggerFactory)
    .WithRegionKeyArn("us-east-1", "arn:aws:kms:us-east-1:123456789012:key/abc")
    .WithRegionKeyArn("us-west-2", "arn:aws:kms:us-west-2:234567890123:key/def")
    .WithCredentials(credentials)
    .Build();

Configuration-based approach (recommended):

// appsettings.json
{
  "AsherahKmsOptions": {
    "regionKeyArns": [
      { "region": "us-east-1", "keyArn": "arn:aws:kms:us-east-1:123456789012:key/abc" }
    ]
  }
}

// Code
var kmsOptions = Configuration.GetValue<KeyManagementServiceOptions>("AsherahKmsOptions");
var kms = KeyManagementService.NewBuilder()
    .WithLoggerFactory(loggerFactory)
    .WithOptions(kmsOptions)
    .WithCredentials(credentials)
    .Build();

See plugins-upgrade-guide.md for complete migration instructions.

Dependency Updates

  • AWSSDK.DynamoDBv2 (4.0.9.5 → 4.0.9.6)
  • AWSSDK.KeyManagementService (4.0.7 → 4.0.7.1)

Backward Compatibility

Full backward compatibility maintained. The existing AwsKeyManagementServiceImpl continues to function unchanged and can be used alongside the new plugin. Data encrypted with v0.9.0 can be decrypted with v0.10.0 and vice versa—the envelope encryption format is unchanged. Applications can migrate incrementally by suppressing obsolete warnings with #pragma warning disable CS0618 until ready to adopt the new API.

Full Changelog: csharp/AppEncryption/v0.9.0...csharp/AppEncryption/v0.10.0

Assets 2
Loading