dotnet-encrypt 2019.12.1

dotnet encrypt

dotnet encrypt is an enterprise grade encryption and key management tool that encrypts and decrypts files from the command line. It uses Crypteron's managed data encryption and key management platform to handle all complexities of key management. By storing your encryption keys outside your application and cloud provider (who already have your databases and compute instances), compliance is simpler and security is improved with no additional effort.

Or put simply,

Don't keep all your eggs in one basket.

Usage

To Encrypt

dotnet encrypt -e -i appsettings.json

If no output file is provided, we will automatically add a .encrypted extension to the encrypted file.

To Decrypt

dotnet encrypt -d -i appsettings.json.encrypted

If no output file is provided, we will automatically remove the .encrypted extension if it exists on the input file. If not, you must explicitly provide the output filename

crypteron encrypt -d -i secrets.txt.enc -o secrets.txt

CLI help

To see all the CLI options:

dotnet encrypt --help

Installation

This tool is distributed in two formats. As a dotnet tool (dotnet encrypt) and also as a standalone binary (dotnet-encrypt). Other than the - in the command, both are designed to do the same thing.

As a dotnet tool

Install from nuget.org by dotnet tool install --global dotnet-encrypt and then run it by dotnet encrypt

As a standalone binary

1. Download the .zip release
2. Extract to a convenient location
3. Run the dotnet-encrypt within

Linux x64 and Windows x64 platforms are supported.

Key Management Setup

For automatic key management to kick in, this tool must authenticate with Crypteron's data security service. To do that:

1. Register this app at https://my.crypteron.com, we do have a free trial for new customers
2. Get your AppSecret from the Crypteron dashboard. This is a glorified API key for authentication
3. Finally, as per your security and operational practices, add the AppSecret to their
   • the environment variable CRYPTERON_APPSECRET OR
   • pass it in by the command line as --appsecret YourAppSecretHere

To set the environment variables on windows, simply issue $env:CRYPTERON_APPSECRET="yourAppSecretHere" in powershell. On linux it's export CRYPTERON_APPSECRET="yourAppSecretHere"

Usage Scenario

Here are some example scenarios but we'd love to hear how this helps you. Or even better, what we can do to improve the tool(s) and services to better serve your business use case.

Securing configuration

Applications today typically have a lot of sensitive data stored in their properties, settings or configuration file(s). These can be database connection strings (logins), password and various secrets. You can use dotnet encrypt to protect these settings inside appsettings.json.encrypted, which is then loaded by Crypteron.SecureConfiguration so that only your production application can observe these settings.

Visit https://www.crypteron.com to learn more or contact us at [email protected] for inquiries.

Black Box workflows

The typical use case is when you have sensitive data in business workflows involving "blackboxes". Blackboxes are software/systems/dataflows you don't control at a level enough to integrate directly using Crypteron's native SDKs.

In such a situation you can use dotnet encrypt to secure data going in or coming out of such black boxes as files (documents, images, json, keys ... anything) from the file system.

Advanced Use Cases

Crypteron supports multiple applications, each with multiple security partitions and each with roles and access controls. For CipherTool, it today simply uses the default security partition's first key version with the default role and default access control rules setup.

Contact us at [email protected] to discuss any advances scenarios we can help for your business.