IGETIS.KeyvaultSecret.AspNetCore 1.2.1

IGETIS Keyvault - Complete User Guide

Overview

IGETIS Keyvault is a secure credential and secrets management platform designed specifically for .NET applications. It provides a Secure, Scalable, and Reliable solution for managing API authentication and storing configuration secrets that are automatically imported into your .NET project's appsettings at runtime.

Key Purpose: IGETIS Keyvault enables you to securely store and consume key-value pairs in your .NET applications without hardcoding sensitive information in your source code or configuration files.

How It Works:

1. My API & Keys: Provides authentication credentials for your application to access the vault
2. My Secrets: Stores your application's sensitive configuration values (database connections, API keys, etc.)
3. Runtime Integration: Your .NET application uses the API credentials to securely fetch secrets at runtime
4. Dynamic Configuration: Secrets are loaded directly into your application's configuration, replacing static appsettings values

---

Getting Started

1. Creating Your Account

Step 1: Access the Registration Page

• Navigate to the IGETIS Keyvault Authentication Portal
• Click the "Register" link at the bottom of the login form

Step 2: Fill Out Registration Information

• First Name: Enter your first name
• Last Name: Enter your last name
• Email Address: Provide a valid email address (you'll need to verify this)
• Password: Create a strong password
• Confirm Password: Re-enter your password to confirm
• Terms & Privacy: Check the box to accept the terms and privacy policy
• Click the "Register" button

Step 3: Email Verification

• After successful registration, you'll see: "Registration successful! Please check your email to confirm your account."
• Check your email inbox for a verification message from IGETIS Keyvault
• Click the "Validate my account" button in the email
• If the button doesn't work, copy and paste the provided link into your browser

Step 4: Account Activation

• Once verified, your account will be activated and ready to use

---

2. Logging Into Your Account

Step 1: Access the Login Page

• Go to the IGETIS Keyvault Authentication Portal
• You'll see the login form on the right side of the screen

Step 2: Enter Your Credentials

• Email: Enter the email address you registered with
• Password: Enter your account password
• Click the "Login" button

Step 3: Forgot Password (if needed)

• If you can't remember your password, click "Forgot password?"
• Enter your email address to receive a reset link
• Check your email and follow the password reset instructions

---

Main Dashboard Navigation

Understanding the Interface

After logging in, you'll land directly on the "My API & Keys" page. IGETIS Keyvault provides two main features accessible through the left sidebar:

Navigation Menu:

• Dashboard: Overview and main navigation
• My API & Keys: Manage API tokens and authentication keys
• My Secrets: Store and manage configuration secrets and sensitive values
• My Profile: Account settings and personal information

---

Feature 1: My API & Keys

Understanding API Keys for .NET Integration

The "My API & Keys" feature provides the authentication credentials that your .NET application needs to securely connect to IGETIS Keyvault and retrieve secrets at runtime.

Purpose in .NET Applications:

• Authentication: Provides the credentials your application uses to authenticate with the vault
• Project Organization: Groups related applications and their associated secrets
• Environment Separation: Different API keys for development, staging, and production environments
• Access Control: Enable/disable vault access without changing application code

Key Elements:

• Top Navigation: Shows your current location (Home > My API & Keys)
• Tenant ID: Your unique tenant identifier is displayed prominently
• Search Bar: Quickly find API keys by project name or Client ID
• Add New API Key Button: Blue button in the top-right corner
• API Keys Table: Displays all your existing API keys with the following columns:
  • Project: The name/identifier of your project
  • Client ID: Unique identifier for each API key
  • Secret: Masked secret key for security
  • Status: Current status (Active/Inactive)
  • Last Updates: When the key was last modified
  • Actions: Additional options (indicated by "..." menu)

Navigation Elements:

• Left Sidebar: Contains navigation icons for different sections
• User Profile: Access your account settings via the profile icon in the top-right
• Theme Toggle: Switch between light and dark modes
• Notifications: Bell icon for system notifications

---

Managing API Keys

Creating a New API Key

Step 1: Initiate Creation

• From the main dashboard, click the "+ Add New API Key" button in the top-right corner

Step 2: Fill Out the New API Token Form

• A modal window will appear titled "New API Token"
• Project Field: Enter a descriptive name for your project or API key
  • Choose a name that clearly identifies the purpose or application
  • Examples: "Mobile App v2", "Website Integration", "Data Analytics Tool"

Step 3: Complete Creation

• Click the "Add" button to create the API key
• Click "Cancel" if you want to abort the process
• Once created, your new API key will appear in the main table

Step 4: Save Your Credentials

• Important: Make sure to copy and securely store your Client ID and Secret
• The secret key will be masked in the interface for security
• Store these credentials in a secure location as you'll need them for API integration

---

Managing Existing API Keys

Viewing Your Keys

• All your API keys are displayed in the main table
• Use the search bar to quickly find specific keys by project name or Client ID
• The table shows key information at a glance: project name, client ID, status, and last update

API Key Actions Menu Each API key has an actions menu (three dots "...") in the rightmost column that provides several management options:

1. Export (Appsetting.json)

• Purpose: Downloads a ready-to-use configuration file for .NET project integration
• How to use: Click "Export (Appsetting.json)" from the actions menu
• What you get: A JSON configuration file with the vault connection settings:

  {
    "KeyVaultConfiguration": {
      "Secrets": "YOUR_SECRET_HERE",
      "TenantId": "YOUR_TENANT_ID", 
      "ClientId": "YOUR_CLIENT_ID"
    }
  }
  

• .NET Integration: Add this configuration to your appsettings.json file
• Runtime Connection: Your application uses these credentials to connect to the vault and retrieve secrets
• Benefits: Eliminates manual copying errors and provides proper JSON formatting for .NET configuration

2. Deactivate

• Purpose: Temporarily disables an API key without deleting it
• When to use: When you want to pause API access temporarily or troubleshoot issues
• Effect: Changes status from "ACTIVE" to "INACTIVE"
• Reversible: You can reactivate the key later if needed
• Security: Deactivated keys will not work for API calls, providing immediate access control

3. Remove

• Purpose: Permanently deletes the API key from your account
• Warning: This action is irreversible - displayed in red to indicate it's destructive
• When to use: When you no longer need the API key and want to clean up your account
• Effect: Completely removes the key from your dashboard and disables all API access
• Security: Immediately revokes all access associated with this key

Key Status Management

• Active: The API key is currently functional and can be used for API calls
• Inactive: The key is disabled and won't work for API calls (can be reactivated)
• Monitor the "Last Updates" column to track when keys were modified

Pagination

• If you have many API keys, use the pagination controls at the bottom
• The interface shows "1 to 3 items of 3" format to indicate your current view
• Navigate between pages using the numbered pagination buttons

---

Feature 2: My Secrets

Understanding Secrets for .NET Runtime Configuration

The "My Secrets" feature is where you store all the sensitive configuration values that your .NET application needs at runtime. Instead of hardcoding these values in appsettings.json, they are securely stored in the vault and retrieved dynamically.

Key Concepts for .NET Development:

• Runtime Secret Loading: Secrets are fetched and loaded into your application's configuration at startup
• Dynamic Configuration: Replace static appsettings values with secure, centralized secret management
• Project-Based Organization: Secrets are organized under projects (matching your API keys)
• Key-Value Structure: Each secret maps directly to configuration keys your .NET application expects
• Environment Management: Store different secret values for different deployment environments

Common .NET Use Cases:

• Database Connection Strings: Store connection strings securely instead of in appsettings.json
• Third-Party API Keys: Email services, payment gateways, external APIs
• Application Secrets: JWT signing keys, encryption keys, service passwords
• Feature Flags: Configuration values that control application behavior
• Environment-Specific Settings: Different values for development, staging, and production

Accessing My Secrets

Navigation:

• Click "My Secrets" in the left sidebar under the "FEATURES" section
• You'll see the secrets dashboard with all your stored key-value pairs

Interface Elements:

• Breadcrumb Navigation: Shows "Home > My Secrets"
• Tenant ID: Your unique tenant identifier (same across all features)
• Search Bar: Find secrets by key name or Client ID
• Add New Secret Button: Blue "+ New Secret" button in the top-right
• Secrets Table: Displays all secrets with columns:
  • Client ID: Links to the associated project
  • Key: The secret's descriptive name
  • Value: The secret value (masked for security)
  • Status: Active/Inactive status
  • Last Updates: When the secret was last modified
  • Actions: Management options (three dots menu)

Creating New Secrets

Step 1: Initiate Secret Creation

• From the My Secrets dashboard, click "+ New Secret" button

Step 2: Fill Out the Secret Form

• Projects Dropdown: Select the project that matches your .NET application
  • Choose the same project you created API keys for
  • This links the secret to the correct authentication context
• Key Field: Enter the configuration key name as it appears in your .NET application
  • Important: Use the exact same key names your application expects
  • Examples:
    • ConnectionStrings:DefaultConnection (for database connections)
    • EmailSettings:ApiKey (for email service API keys)
    • PaymentGateway:SecretKey (for payment processing)
    • JwtSettings:SecretKey (for JWT token signing)
• Value Field: Enter the actual secret value
  • Database connection strings, API keys, passwords, etc.
  • Supports complex values like full connection strings or JSON configurations

Step 3: Save Your Secret

• Click "Add" to create the secret
• Click "Cancel" to abort the process
• The new secret will appear in your secrets table with "ACTIVE" status

Managing Existing Secrets

Viewing Your Secrets

• All secrets are displayed in a table format organized by project
• Values are masked with asterisks (*) for security
• Use the search function to quickly locate specific secrets
• Monitor the "Last Updates" column to track modifications

Secret Actions Menu Each secret has an actions menu (three dots "...") with the following options:

1. Edit

• Purpose: Modify the secret's key name or value
• When to use: Update API keys, change configuration values, or fix typos
• Process: Opens the same form used for creation, pre-filled with current values
• Security: Allows you to update sensitive values without recreating the entire secret

2. Deactivate

• Purpose: Temporarily disable a secret without deleting it
• When to use: During troubleshooting, maintenance, or when temporarily switching to different values
• Effect: Changes status from "ACTIVE" to "INACTIVE"
• Reversible: Can be reactivated later when needed
• Application Impact: Applications won't be able to retrieve deactivated secrets

3. Remove

• Purpose: Permanently delete the secret from your account
• Warning: This action is irreversible - displayed in red text
• When to use: When the secret is no longer needed or contains outdated information
• Effect: Completely removes the secret from your dashboard
• Security: Immediately revokes access to this secret value

.NET Application Integration Workflow

Complete Integration Process

Prerequisites:

• A valid IGETIS Keyvault account
• Access to your Tenant ID, Client ID, and Secret (from the vault platform)
• A working .NET 6+ project

Step 1: Set Up Your Vault Structure

1. Create a project in "My API & Keys" (e.g., "MyApp-Production")
2. Generate API credentials and export the appsettings.json configuration
3. Add secrets to "My Secrets" under the same project

Step 2: Install the NuGet Package Install the official IGETIS Keyvault package in your .NET project:

dotnet add package IGETIS.Keyvaults.AspNetCore

Step 3: Configure Your .NET Application

1. Add the exported KeyVaultConfiguration to your appsettings.json:

   {
     "KeyVaultConfiguration": {
       "Secrets": "YOUR_SECRET_HERE",
       "TenantId": "YOUR_TENANT_ID",
       "ClientId": "YOUR_CLIENT_ID"
     }
   }
   

   Notes:

   • TenantId: Your unique organization identifier in IGETIS Keyvault
   • ClientId: Identifier for your registered application
   • Secrets: Generated key from IGETIS Keyvault when creating a resource

2. Configure the vault service in your Program.cs:

   var request = new IgetisKeyvaultCredentials
   {
       Secrets = builder.Configuration.GetSection("KeyVaultConfiguration")["Secrets"],
       TenantId = builder.Configuration.GetSection("KeyVaultConfiguration")["TenantId"],
       ClientId = builder.Configuration.GetSection("KeyVaultConfiguration")["ClientId"]
   };
   
   var client = new IgetisKeyvaults(request);
   builder.Services.AddHttpClient();
   builder.Configuration.AddIgetisRemoteConfiguration(client.GetProjectKeys());
   

Step 4: Runtime Secret Consumption

1. Your application automatically connects to IGETIS Keyvault using the credentials
2. All secrets from your vault project are loaded into the configuration at startup
3. Access secrets through standard .NET configuration patterns:

   // Example: Accessing any secret stored in the vault
   var myApiKey = builder.Configuration["MySecretApiKey"];
   
   // Example: Accessing a database connection string
   var connectionString = builder.Configuration["ConnectionStrings:DefaultConnection"];
   
   // Example: Accessing nested configuration values
   var emailApiKey = builder.Configuration["EmailSettings:ApiKey"];
   

Step 5: Environment Management

• Development: Create "MyApp-Development" project with development secrets
• Staging: Create "MyApp-Staging" project with staging secrets
• Production: Create "MyApp-Production" project with production secrets
• Use different appsettings files or environment variables to switch between vault configurations

Benefits of This Approach

Security Benefits:

• No Secrets in Source Code: Sensitive values never appear in your codebase
• No Secrets in Config Files: appsettings.json only contains vault connection info
• Centralized Management: All secrets managed through IGETIS Keyvault interface
• Access Control: Enable/disable access without code deployment
• Audit Trail: Track when secrets are updated through "Last Updates" column

Development Benefits:

• Easy Updates: Change secrets without redeploying applications
• Environment Consistency: Same application code works across all environments
• Team Collaboration: Share access to secrets without sharing values directly
• Configuration Management: Organize secrets by project and environment
• Automatic Loading: Secrets are available immediately through standard .NET Configuration API

Technical Benefits:

• Seamless Integration: Works with existing .NET configuration patterns
• No Code Changes: Access secrets using familiar builder.Configuration["key"] syntax
• Runtime Loading: Secrets loaded at application startup
• HTTP Client Integration: Built-in HTTP client support for secure communication

---

Search and Organization

Using the Search Function

• Location: Search bar is prominently located at the top of the API keys table
• Search Criteria: You can search by:
  • Project name (e.g., "TEST TOKEN", "MAINSITE")
  • Client ID (the long alphanumeric identifier)
• How to Search:
  • Click in the search bar
  • Type your search term
  • Results will filter automatically as you type

Understanding Your Tenant ID

• Your unique Tenant ID is displayed prominently on the page
• Format: Long alphanumeric string (e.g., "00FF5CAD-F227-4E7A-BA7E-D292D64A3477")
• This ID is important for API integration and technical support
• Keep this ID secure and available for reference

---

Best Practices

Security Recommendations

1. Protect Your Credentials: Never share your API keys or Client IDs publicly
2. Regular Review: Periodically review your API keys and deactivate unused ones
3. Descriptive Naming: Use clear, descriptive project names for easy identification
4. Strong Passwords: Use a strong, unique password for your IGETIS Keyvault account
5. Email Security: Keep your registered email account secure as it's used for password resets

Organization Tips

1. Consistent Naming: Develop a naming convention for your projects
2. Regular Cleanup: Remove or deactivate API keys you no longer need
3. Documentation: Keep a record of what each API key is used for
4. Monitor Usage: Check the "Last Updates" column to identify inactive keys

---

Troubleshooting

Common Issues and Solutions

Login Problems

• Issue: "We can't find this email"
• Solution: Verify your email address spelling or create a new account if needed

Registration Issues

• Issue: "This email is already in use"
• Solution: Use the login form instead, or reset your password if you forgot it

Email Verification

• Issue: Didn't receive verification email
• Solution: Check your spam folder, or try registering again

Password Reset

• Issue: Reset link expired
• Solution: Request a new password reset link

API Key Management

• Issue: Can't find a specific API key
• Solution: Use the search function or check pagination if you have many keys

Configuration Export

• Issue: Need to integrate API key into application
• Solution: Use the "Export (Appsetting.json)" action for ready-to-use configuration files

Key Status Issues

• Issue: API key not working in application
• Solution: Check if the key is "ACTIVE" - use "Deactivate/Activate" to toggle status

Accidental Deletion

• Issue: Accidentally clicked "Remove"
• Solution: "Remove" is permanent for both API keys and secrets - you'll need to create new ones. Use "Deactivate" for temporary disabling instead

Secrets Management

• Issue: Can't find a specific secret
• Solution: Use the search function by key name or check if it's under the correct project

Project Dependencies

• Issue: Want to create secrets but no projects available in dropdown
• Solution: Create projects first in the "My API & Keys" section, then return to "My Secrets"

Secret Values

• Issue: Need to view or update a secret value
• Solution: Use the "Edit" action from the three dots menu to view and modify secret values

Cross-Feature Integration

• Issue: Confusion about the relationship between API keys and secrets
• Solution: API keys provide authentication credentials for your .NET app to connect to the vault; secrets store the actual configuration values your app consumes at runtime

.NET Integration Issues

• Issue: Application can't connect to vault
• Solution: Verify the KeyVaultConfiguration in appsettings.json matches the exported configuration, ensure the API key is "ACTIVE", and confirm you have internet connectivity

Configuration Key Mapping

• Issue: .NET application can't find expected configuration values
• Solution: Ensure secret key names in the vault exactly match the configuration keys your .NET application expects (case-sensitive)

NuGet Package Issues

• Issue: Package installation fails or compilation errors
• Solution: Ensure you're using .NET 6+ and the correct package name: IGETIS.Keyvaults.AspNetCore

Runtime Loading Issues

• Issue: Secrets not available at runtime
• Solution: Verify that AddIgetisRemoteConfiguration(client.GetProjectKeys()) is called before building the configuration, and check that the vault project contains the expected secrets

Getting Help

• Technical Support: Contact IGETIS support if you encounter technical issues
• Account Issues: Use the password reset function for login problems
• Feature Questions: Refer to this user guide or contact support for additional assistance

---

Account Management

Profile and Settings

• Access your account settings through the profile icon in the top-right corner
• Update your personal information, change passwords, and manage account preferences
• Monitor your account activity and security settings

Theme Customization

• Use the theme toggle button to switch between light and dark modes
• Choose the theme that's most comfortable for your work environment

---

Conclusion

IGETIS Keyvault provides a comprehensive, secure solution specifically designed for .NET applications to manage secrets and configuration at runtime. This eliminates the need to store sensitive information in source code or configuration files.

Complete .NET Integration Solution:

My API & Keys:

• Provides authentication credentials for your .NET application to connect to the vault
• Exports ready-to-use appsettings.json configuration
• Enables secure runtime communication between your app and the vault
• Supports environment-specific access control

My Secrets:

• Stores all sensitive configuration values your .NET application needs
• Maps directly to your application's configuration structure
• Enables dynamic secret loading at runtime
• Supports complex configuration scenarios

Key Benefits for .NET Developers:

• No Hardcoded Secrets: Keep sensitive values out of source code and config files
• Runtime Configuration: Secrets are loaded dynamically when your application starts
• Environment Management: Easy switching between development, staging, and production configurations
• Centralized Control: Update secrets without redeploying applications
• Team Collaboration: Share vault access without sharing actual secret values
• Enhanced Security: Centralized secret management with access control and audit trails

By following this guide, you can:

• Set up secure vault authentication for your .NET applications
• Store and organize secrets that map to your application's configuration needs
• Implement a complete runtime secret management solution
• Maintain security best practices across development environments
• Troubleshoot common integration issues

IGETIS Keyvault transforms how .NET applications handle sensitive configuration, moving from static file-based secrets to secure, dynamic runtime secret management. This approach significantly improves application security while simplifying deployment and configuration management across different environments.

For additional support, .NET-specific integration examples, or advanced configuration scenarios, contact the IGETIS support team:

• Email: support@igetis.online
• Full Documentation: https://keyvault.igetis.online/docs/developper/IGETIS_Keyvault_User_Guide.html
• Account Access: https://keyvault.igetis.online/Home/Login