Changelog v3.2.4 (2025-01-03)
Version 3.2.4 (2025-01-03)
DataProtection Key Encryption Options
Added support for encrypting data protection keys at rest using X.509 certificates or Windows DPAPI.
New Configuration Options:
json
json
{
"DataProtection": {
"KeyEncryption": "None",
"CertificatePath": null,
"CertificatePassword": null,
"DpapiLocalMachine": false
}
}Options:
| Option | Description |
|---|---|
KeyEncryption | Encryption method: "None" (default), "Certificate", or "Dpapi" (Windows only) |
CertificatePath | Path to X.509 certificate file (.pfx) when using Certificate encryption |
CertificatePassword | Password for the certificate file (can be null for passwordless certificates) |
DpapiLocalMachine | When using DPAPI, set to true to protect keys to the local machine instead of current user |
Example with Certificate:
json
json
{
"DataProtection": {
"Enabled": true,
"Storage": "Database",
"KeyEncryption": "Certificate",
"CertificatePath": "/path/to/cert.pfx",
"CertificatePassword": "${CERT_PASSWORD}"
}
}Example with DPAPI (Windows only):
json
json
{
"DataProtection": {
"Enabled": true,
"Storage": "FileSystem",
"FileSystemPath": "./keys",
"KeyEncryption": "Dpapi",
"DpapiLocalMachine": true
}
}TsClient Plugin
- Fixed error parsing in generated TypeScript/JavaScript code to skip
response.json()when the response has no body (e.g., 404 responses). The generated code now checksresponse.headers.get("content-length") !== "0"before attempting to parse the error response.
NpgsqlRestClient
- Added
Microsoft.Extensions.Caching.StackExchangeRedisandMicrosoft.AspNetCore.Authentication.JwtBearerpackages to the version display output (--version/-v).