Securing data in Polly cache

Summary: What are you wanting to achieve? When data is stored in a cache, you can retrieve it if you have access and an appropriate key, but depending on the nature of the data it might be important to encrypt it in some manner.

ASP.NET Core introduces interfaces to help with this: IDataProtectionProvider/IDataProtector. This allows you to encrypt/decrypt the data stored in the cache in a secure manner for the app/purpose.

Here’s an example usage where access tokens are cached encrypted

What code or approach do you have so far?
Here’s a rough mock up of what I think it should be…

// Proposed overload: Policy.Cache taking an IDataProtector
IDataProtectionProvider provider = services.GetRequiredService<IDataProtectionProvider>();
var dataProtector = provider.CreateProtector("Foo");
var cachePolicy = Policy.Cache<byte[]>(distributedCache.AsSyncCacheProvider<byte[]>(), dataProtector, TimeSpan.FromMinutes(5));

Alternatively we could inject the provider and purpose

IDataProtectionProvider provider = services.GetRequiredService<IDataProtectionProvider>();
var cachePolicy = Policy.Cache<byte[]>(distributedCache.AsSyncCacheProvider<byte[]>(), provider, "Foo", TimeSpan.FromMinutes(5));

Thoughts/comments?

Issue Analytics

  • State: closed
  • Created 4 years ago
  • Comments: 6 (3 by maintainers)

Top GitHub Comments

phatcher commented, Apr 26, 2019

@reisenberger Yes, something like that, the encryption is just a decorator around the cache serialization. How you get to the correct IDataProtectionProvider is a setup issue anyway, so it's fine.

I’m not sure how long an IDataProtector is supposed to live for, so I might change it to something like this…

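using System;
using Microsoft.AspNetCore.DataProtection;
using Polly.Caching;

// IDataProtector works on byte[], so both the unencrypted and encrypted forms are byte[] here.
public class DataProtectionSerializer : ICacheItemSerializer<byte[], byte[]>
{
    private readonly IDataProtectionProvider _provider;
    private readonly string _purpose;

    public DataProtectionSerializer(IDataProtectionProvider provider, string purpose)
    {
        _provider = provider ?? throw new ArgumentNullException(nameof(provider));
        _purpose = purpose ?? throw new ArgumentNullException(nameof(purpose));
    }

    public byte[] Serialize(byte[] objectToSerialize) => Protector.Protect(objectToSerialize);
    public byte[] Deserialize(byte[] objectToDeserialize) => Protector.Unprotect(objectToDeserialize);

    // Creates a protector for the configured purpose on each use.
    private IDataProtector Protector => _provider.CreateProtector(_purpose);
}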

I’ll have a play and if it works nicely, I’ll update the documentation pages - might take me a few days
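The serializer-as-decorator approach discussed above, wired into a Polly cache policy, as an added example that is not code from the issue or from the Polly project. It assumes Polly v7 with the Polly.Caching.Memory and Microsoft.AspNetCore.DataProtection packages; the class name `ProtectedStringSerializer`, the cache key `token:user1` and the sample token value are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.Caching.Memory;
using Polly;
using Polly.Caching;
using Polly.Caching.Memory;

// Hypothetical serializer (name is an assumption): encrypts string results before caching.
public sealed class ProtectedStringSerializer : ICacheItemSerializer<string, byte[]>
{
    private readonly IDataProtector _protector;

    public ProtectedStringSerializer(IDataProtectionProvider provider, string purpose)
    {
        if (provider == null) throw new ArgumentNullException(nameof(provider));
        if (purpose == null) throw new ArgumentNullException(nameof(purpose));
        _protector = provider.CreateProtector(purpose); // protector is bound to this purpose
    }

    public byte[] Serialize(string value) => _protector.Protect(Encoding.UTF8.GetBytes(value));

    public string Deserialize(byte[] stored) =>
        stored == null ? null : Encoding.UTF8.GetString(_protector.Unprotect(stored));
}

public static class Demo
{
    public static void Main()
    {
        // Ephemeral in-memory keys keep the demo self-contained; an app uses its own key ring.
        IDataProtectionProvider provider = new EphemeralDataProtectionProvider();
        var memoryCache = new MemoryCache(new MemoryCacheOptions());
        ISyncCacheProvider<byte[]> rawCache = new MemoryCacheProvider(memoryCache).For<byte[]>();
        var cachePolicy = Policy.Cache<string>(
            rawCache.WithSerializer(new ProtectedStringSerializer(provider, "Foo")),
            TimeSpan.FromMinutes(5));

        // Constructed sample value standing in for an access token.
        string first = cachePolicy.Execute(ctx => "sample-access-token", new Context("token:user1"));
        string second = cachePolicy.Execute(ctx => "delegate-not-run-on-hit", new Context("token:user1"));
        Console.WriteLine($"served from cache: {first == second}");

        // Inspect what the backing store actually holds for the key.
        memoryCache.TryGetValue("token:user1", out byte[] stored);
        Console.WriteLine($"plaintext in store: {Encoding.UTF8.GetString(stored).Contains(first)}");

        // A protector for a different purpose cannot decrypt the entry.
        try { provider.CreateProtector("Bar").Unprotect(stored); }
        catch (CryptographicException) { Console.WriteLine("purpose \"Bar\" rejected"); }
    }
}
```

With a distributed cache the same serializer applies unchanged; the key ring must then be shared and persisted across instances, otherwise entries written by one node fail to unprotect on another.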

reisenberger commented, Jun 26, 2019

Np.
