Stratara.Security 3.1.3

.NET 10.0

dotnet add package Stratara.Security --version 3.1.3

NuGet\Install-Package Stratara.Security -Version 3.1.3

This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package.

<PackageReference Include="Stratara.Security" Version="3.1.3" />

For projects that support PackageReference, copy this XML node into the project file to reference the package.

<PackageVersion Include="Stratara.Security" Version="3.1.3" />
                    

                            Directory.Packages.props

<PackageReference Include="Stratara.Security" />
                    

                            Project file

For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package.

paket add Stratara.Security --version 3.1.3

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

#r "nuget: Stratara.Security, 3.1.3"

#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package.

#:package Stratara.Security@3.1.3

#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package.

#addin nuget:?package=Stratara.Security&version=3.1.3
                    

                            Install as a Cake Addin

#tool nuget:?package=Stratara.Security&version=3.1.3
                    

                            Install as a Cake Tool

The NuGet Team does not provide support for this client. Please contact its maintainers for support.

Stratara.Security

License: FSL-1.1-MIT (Functional Source License — source-available; converts to MIT after 2 years). Not OSI-approved OSS.

Dependency-light key store and envelope encryption for Stratara. Provides a production IKeyStore with KEK-wrapped, versioned per-scope data-encryption keys (rotation, revoke, and crypto-shred), a file-backed master-key provider, and an AES-GCM blob encryptor — referencing only Stratara.Abstractions + BCL crypto. No EF Core, RabbitMQ, Redis, or cloud SDKs in the graph.

Quick start

// appsettings / secrets:
// "Stratara": { "KeyStore": { "MasterKeyBase64": "<openssl rand -base64 32>", "StorePath": "/var/run/secrets/keystore.json" } }

builder.Services.AddStrataraFileKeyStore(builder.Configuration);

// Encrypt a blob bound to a tenant scope + purpose:
var scope = new KeyScope(DataSensitivityLevel.TenantScoped, tenantId: "acme-corp");
await using var encrypted = await encryptor.EncryptAsync(plainStream, scope, purpose: "attachment");
await using var plain = await encryptor.DecryptAsync(encrypted, scope);

What's inside

EnvelopeFileKeyStore (IKeyStore) — random 32-byte DEK per scope/version, KEK-wrapped with AES-256-GCM (wrap AAD bound to the key id, so a wrapped DEK can't be moved to another scope). The store file holds only wrapped DEKs + metadata, never plaintext. RotateAsync adds a version; RevokeAsync makes one version undecryptable; EraseScopeAsync deletes all versions for a scope (GDPR Art. 17 crypto-shred). DEKs are zeroed after use; the store file is written 0600 on Unix.
FileMasterKeyProvider (IMasterKeyProvider) — KEK from MasterKeyBase64, validated to decode to exactly 32 bytes (AES-256) at startup. The custody seam: swap for an HSM / KMS / vault provider later without touching the stored data.
AesGcmSecureBlobEncryptor (ISecureBlobEncryptor) — AES-GCM stream encryption with a purpose-bound AAD ({tenant}||{purpose}) and a versioned, self-describing format (v2 leading byte). Reads legacy streams without the version byte; set Stratara:BlobEncryption:LegacyBlobsCarryPurpose to match the legacy layout.
DummyKeyStore — Development-only deterministic fallback (throws outside Development).

Key id schema

{level}:{tenant}:{user}:v{N} — e.g. TenantScoped:acme-corp::v1. GetOrCreateCurrentKeyAsync returns the highest non-revoked version (creating v1 if none); RotateAsync creates v{N+1}.

Dependencies

Stratara.Abstractions
Stratara.Diagnostics
Microsoft.Extensions.{Configuration,DependencyInjection,Hosting,Logging}.Abstractions
Microsoft.Extensions.Options (+ Options.ConfigurationExtensions)

Product	Compatible and additional computed target framework versions.
.NET	net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed.

Compatible target framework(s)

Included target framework(s) (in package)

Learn more about Target Frameworks and .NET Standard.

net10.0
- Microsoft.Extensions.Configuration.Abstractions (>= 10.0.8)
- Microsoft.Extensions.DependencyInjection.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Hosting.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Logging.Abstractions (>= 10.0.8)
- Microsoft.Extensions.Options (>= 10.0.8)
- Microsoft.Extensions.Options.ConfigurationExtensions (>= 10.0.8)
- Stratara.Abstractions (>= 3.1.3)
- Stratara.Diagnostics (>= 3.1.3)

NuGet packages (2)

Showing the top 2 NuGet packages that depend on Stratara.Security:

Package	Downloads
Stratara.Infrastructure Infrastructure glue for the Stratara framework — authorization decorators, configuration providers, and DI composition helpers that wire Mediator, Outbox, Identity, and EF Core into a hosted app.	594
Stratara.Testing Test doubles and assertion helpers for applications built on the Stratara framework — an in-memory IKeyStore, an in-memory IMessageBus, a preset ISessionContextProvider, deterministic tenant ids, and a given/when/then aggregate rehydration harness. Drop the Postgres/RabbitMQ testcontainers for unit tests.	171

GitHub repositories

This package is not used by any popular GitHub repositories.

Version	Downloads	Last Updated
3.1.3	63	6/10/2026
3.1.2	144	6/5/2026
3.1.1	694	6/1/2026
3.1.0	118	5/30/2026

### Added

- **Mediator tenant-isolation behavior** (`Stratara.Mediator`) — `AddStrataraTenantIsolation()`
registers a pipeline behavior that enforces tenant isolation at the mediator entrance, before the
handler runs, for any request that opts in via the new `ITenantScopedRequest` marker
(`Stratara.Abstractions.Multitenancy`). The behavior compares the request's `TenantId` (data owner)
against the ambient session's data-owner tenant and rejects a mismatch with the new
`TenantAccessDeniedException` (translated to HTTP 403 on ASP.NET hosts). `TenantIsolationMode.Default`
enforces only the subject match (privileged cross-tenant operations pass when the endpoint promoted
the session subject to the target); `TenantIsolationMode.Strict` additionally routes every
cross-tenant operation through the new `ICrossTenantAuthorizer`, whose shipped default denies all
cross-tenant access until a consumer registers its own authorizer. Complements the existing
database-side `ApplyGlobalTenantQueryFilters` with a command-/query-entrance guard. New log-event
IDs `114_101`/`114_102`/`114_003` in `Stratara.Diagnostics`.
- **`Stratara.Abstractions.Persistence.ConcurrencyConflictException`** — provider-agnostic
wrapper for an optimistic-concurrency conflict detected during commit. Allows framework-level
code in `Stratara.Projections` (and any consumer outside the `EntityFrameworkCore` package) to
react to concurrency without taking an EF Core dependency. EF Core's `DbUpdateConcurrencyException`
(and provider equivalents) flow through this type.

### Changed

- **`EfTransaction.SaveChangesAsync`** (in `Stratara.EventSourcing.EntityFrameworkCore`) now
wraps `DbUpdateConcurrencyException` thrown by EF Core in the new
`ConcurrencyConflictException`. PostgreSQL unique-violation paths remain on `DbUpdateException`
(different semantics — duplicate-key on insert vs. stale-row on update/delete).
- **`EventSource.SaveChangesAsync`** (write-side append flow) extends its concurrency-handling
catch to the new exception type so the existing append-conflict recovery path keeps working
after the wrap. Behaviour for both EF concurrency conflicts and PostgreSQL unique violations
is unchanged.

### Fixed

- **`TenantProjection` no longer aborts the event bundle on a parallel delete race.** The two
delete handlers (`TenantDeleted`, `CustomerTenantsDeleted`) now swallow
`ConcurrencyConflictException` silently — a missing row is the desired end-state of a delete.
Before this fix, a consumer-side customer-delete cascade saga that emits both
`CustomerTenantsDeleted` and a follow-up `TenantDeleted` for the same tenants would race the
two parallel projection bundles on the same `TenantView` row; the loser threw
`DbUpdateConcurrencyException` out of `SaveChangesAsync`, which propagated through
`ProjectionWorker` and caused `RabbitMqBus` to roll back the entire bundle — including
sibling projections that had already committed. Update handlers (rename / activate /
deactivate / locale / customer-assigned) keep their current behaviour: a concurrency failure
there is a real race that propagates.