Complete User Guide

Your comprehensive guide to secure .NET secrets management

Secure. Scalable. Reliable. - Transform your .NET application security with runtime secrets management

Table of Contents

Overview

IGETIS Keyvault is a secure credential and secrets management platform designed specifically for .NET applications. It provides a Secure, Scalable, and Reliable solution for managing API authentication and storing configuration secrets that are automatically imported into your .NET project's appsettings at runtime.

Key Purpose

IGETIS Keyvault enables you to securely store and consume key-value pairs in your .NET applications without hardcoding sensitive information in your source code or configuration files.

How It Works

1. My API & Keys

Provides authentication credentials for your application to access the vault

2. My Secrets

Stores your application's sensitive configuration values (database connections, API keys, etc.)

3. Runtime Integration

Your .NET application uses the API credentials to securely fetch secrets at runtime

4. Dynamic Configuration

Secrets are loaded directly into your application's configuration, replacing static appsettings values

Getting Started

Creating Your Account

Step 1: Access the Registration Page

  • Navigate to the IGETIS Keyvault Authentication Portal
  • Click the "Register" link at the bottom of the login form

Step 2: Fill Out Registration Information

  • First Name: Enter your first name
  • Last Name: Enter your last name
  • Email Address: Provide a valid email address (you'll need to verify this)
  • Password: Create a strong password
  • Confirm Password: Re-enter your password to confirm
  • Terms & Privacy: Check the box to accept the terms and privacy policy
  • Click the "Register" button
Step 3: Email Verification
After successful registration, you'll see: "Registration successful! Please check your email to confirm your account."
  • Check your email inbox for a verification message from IGETIS Keyvault
  • Click the "Validate my account" button in the email
  • If the button doesn't work, copy and paste the provided link into your browser

Logging Into Your Account

Step 1: Access the Login Page

  • Go to the IGETIS Keyvault Authentication Portal
  • You'll see the login form on the right side of the screen

Step 2: Enter Your Credentials

  • Email: Enter the email address you registered with
  • Password: Enter your account password
  • Click the "Login" button

Forgot Password?

If you can't remember your password, click "Forgot password?"

  • Enter your email address to receive a reset link
  • Check your email and follow the password reset instructions
Feature 1: My API & Keys

Understanding API Keys for .NET Integration

The "My API & Keys" feature provides the authentication credentials that your .NET application needs to securely connect to IGETIS Keyvault and retrieve secrets at runtime.

Purpose in .NET Applications:

  • Authentication: Provides the credentials your application uses to authenticate with the vault
  • Project Organization: Groups related applications and their associated secrets
  • Environment Separation: Different API keys for development, staging, and production environments
  • Access Control: Enable/disable vault access without changing application code

Creating a New API Key

Step 1: Initiate Creation

From the main dashboard, click the "+ Add New API Key" button in the top-right corner

Step 2: Fill Out the New API Token Form

  • Project Field: Enter a descriptive name for your project or API key
  • Choose a name that clearly identifies the purpose or application
  • Examples: "Mobile App v2", "Website Integration", "Data Analytics Tool"

Step 3: Complete Creation

  • Click the "Add" button to create the API key
  • Click "Cancel" if you want to abort the process
  • Once created, your new API key will appear in the main table
Important: Make sure to copy and securely store your Client ID and Secret. The secret key will be masked in the interface for security. Store these credentials in a secure location as you'll need them for API integration.

Managing Existing API Keys

API Key Actions Menu

Each API key has an actions menu (three dots "...") in the rightmost column that provides several management options:

1. Export (Appsetting.json)

  • Purpose: Downloads a ready-to-use configuration file for .NET project integration
  • How to use: Click "Export (Appsetting.json)" from the actions menu
  • What you get: A JSON configuration file with the vault connection settings
  • .NET Integration: Add this configuration to your appsettings.json file
  • Runtime Connection: Your application uses these credentials to connect to the vault and retrieve secrets
{
"KeyVaultConfiguration": { "Secrets": "YOUR_SECRET_HERE", "TenantId": "YOUR_TENANT_ID", "ClientId": "YOUR_CLIENT_ID" } }

2. Deactivate

  • Purpose: Temporarily disables an API key without deleting it
  • When to use: When you want to pause API access temporarily or troubleshoot issues
  • Effect: Changes status from "ACTIVE" to "INACTIVE"
  • Reversible: You can reactivate the key later if needed
  • Security: Deactivated keys will not work for API calls, providing immediate access control

3. Remove

  • Purpose: Permanently deletes the API key from your account
  • Warning: This action is irreversible - displayed in red to indicate it's destructive
  • When to use: When you no longer need the API key and want to clean up your account
  • Effect: Completely removes the key from your dashboard and disables all API access
  • Security: Immediately revokes all access associated with this key
Feature 2: My Secrets

Understanding Secrets for .NET Runtime Configuration

The "My Secrets" feature is where you store all the sensitive configuration values that your .NET application needs at runtime. Instead of hardcoding these values in appsettings.json, they are securely stored in the vault and retrieved dynamically.

Key Concepts for .NET Development:

  • Runtime Secret Loading: Secrets are fetched and loaded into your application's configuration at startup
  • Dynamic Configuration: Replace static appsettings values with secure, centralized secret management
  • Project-Based Organization: Secrets are organized under projects (matching your API keys)
  • Key-Value Structure: Each secret maps directly to configuration keys your .NET application expects
  • Environment Management: Store different secret values for different deployment environments

Common .NET Use Cases:

  • Database Connection Strings: Store connection strings securely instead of in appsettings.json
  • Third-Party API Keys: Email services, payment gateways, external APIs
  • Application Secrets: JWT signing keys, encryption keys, service passwords
  • Feature Flags: Configuration values that control application behavior
  • Environment-Specific Settings: Different values for development, staging, and production

Creating New Secrets

Step 1: Initiate Secret Creation

From the My Secrets dashboard, click "+ New Secret" button

Step 2: Fill Out the Secret Form

Projects Dropdown:

Select the project that matches your .NET application

  • Choose the same project you created API keys for
  • This links the secret to the correct authentication context

Key Field:

Enter the configuration key name as it appears in your .NET application

Important: Use the exact same key names your application expects

Examples:

  • ConnectionStrings:DefaultConnection (for database connections)
  • EmailSettings:ApiKey (for email service API keys)
  • PaymentGateway:SecretKey (for payment processing)
  • JwtSettings:SecretKey (for JWT token signing)

Value Field:

Enter the actual secret value

  • Database connection strings, API keys, passwords, etc.
  • Supports complex values like full connection strings or JSON configurations

Step 3: Save Your Secret

  • Click "Add" to create the secret
  • Click "Cancel" to abort the process
  • The new secret will appear in your secrets table with "ACTIVE" status

Managing Existing Secrets

Secret Actions Menu

Each secret has an actions menu (three dots "...") with the following options:

1. Edit

  • Purpose: Modify the secret's key name or value
  • When to use: Update API keys, change configuration values, or fix typos
  • Process: Opens the same form used for creation, pre-filled with current values
  • Security: Allows you to update sensitive values without recreating the entire secret

2. Deactivate

  • Purpose: Temporarily disable a secret without deleting it
  • When to use: During troubleshooting, maintenance, or when temporarily switching to different values
  • Effect: Changes status from "ACTIVE" to "INACTIVE"
  • Reversible: Can be reactivated later when needed
  • Application Impact: Applications won't be able to retrieve deactivated secrets

3. Remove

  • Purpose: Permanently delete the secret from your account
  • Warning: This action is irreversible - displayed in red text
  • When to use: When the secret is no longer needed or contains outdated information
  • Effect: Completely removes the secret from your dashboard
  • Security: Immediately revokes access to this secret value
.NET Application Integration

Complete Integration Process

Prerequisites:

  • A valid IGETIS Keyvault account
  • Access to your Tenant ID, Client ID, and Secret (from the vault platform)
  • A working .NET 6+ project

Step 1: Set Up Your Vault Structure

  1. Create a project in "My API & Keys" (e.g., "MyApp-Production")
  2. Generate API credentials and export the appsettings.json configuration
  3. Add secrets to "My Secrets" under the same project

Step 2: Install the NuGet Package

Install the official IGETIS Keyvault package in your .NET project:

dotnet add package IGETIS.Keyvaults.AspNetCore

Step 3: Configure Your .NET Application

1. Add Configuration to appsettings.json:

{
"KeyVaultConfiguration": { "Secrets": "YOUR_SECRET_HERE", "TenantId": "YOUR_TENANT_ID", "ClientId": "YOUR_CLIENT_ID" } }
Notes:
  • TenantId: Your unique organization identifier in IGETIS Keyvault
  • ClientId: Identifier for your registered application
  • Secrets: Generated key from IGETIS Keyvault when creating a resource

2. Configure the vault service in your Program.cs:

var request = new IgetisKeyvaultCredentials
{
Secrets = builder.Configuration.GetSection("KeyVaultConfiguration")["Secrets"],
TenantId = builder.Configuration.GetSection("KeyVaultConfiguration")["TenantId"],
ClientId = builder.Configuration.GetSection("KeyVaultConfiguration")["ClientId"]
};

var client = new IgetisKeyvaults(request); builder.Services.AddHttpClient(); builder.Configuration.AddIgetisRemoteConfiguration(client.GetProjectKeys());

Step 4: Runtime Secret Consumption

  1. Your application automatically connects to IGETIS Keyvault using the credentials
  2. All secrets from your vault project are loaded into the configuration at startup
  3. Access secrets through standard .NET configuration patterns:
// Example: Accessing any secret stored in the vault
var myApiKey = builder.Configuration["MySecretApiKey"];

// Example: Accessing a database connection string var connectionString = builder.Configuration["ConnectionStrings:DefaultConnection"];

// Example: Accessing nested configuration values var emailApiKey = builder.Configuration["EmailSettings:ApiKey"];

Step 5: Environment Management

  • Development: Create "MyApp-Development" project with development secrets
  • Staging: Create "MyApp-Staging" project with staging secrets
  • Production: Create "MyApp-Production" project with production secrets
  • Use different appsettings files or environment variables to switch between vault configurations

Benefits of This Approach

Security Benefits:
  • No Secrets in Source Code: Sensitive values never appear in your codebase
  • No Secrets in Config Files: appsettings.json only contains vault connection info
  • Centralized Management: All secrets managed through IGETIS Keyvault interface
  • Access Control: Enable/disable access without code deployment
  • Audit Trail: Track when secrets are updated through "Last Updates" column
Development Benefits:
  • Easy Updates: Change secrets without redeploying applications
  • Environment Consistency: Same application code works across all environments
  • Team Collaboration: Share access to secrets without sharing values directly
  • Configuration Management: Organize secrets by project and environment
  • Automatic Loading: Secrets are available immediately through standard .NET Configuration API
Technical Benefits:
  • Seamless Integration: Works with existing .NET configuration patterns
  • No Code Changes: Access secrets using familiar builder.Configuration["key"] syntax
  • Runtime Loading: Secrets loaded at application startup
  • HTTP Client Integration: Built-in HTTP client support for secure communication
Best Practices

Security Recommendations

  • Protect Your Credentials: Never share your API keys, Client IDs, or secret values publicly
  • Use Export Function: Use the "Export (Appsetting.json)" feature to avoid manual copying errors
  • Regular Review: Periodically review your API keys and secrets, deactivating unused ones
  • Proper Lifecycle Management: Use "Deactivate" for temporary suspension, "Remove" only when permanently done
  • Strong Passwords: Use a strong, unique password for your IGETIS Keyvault account
  • Email Security: Keep your registered email account secure for password resets
  • Secret Value Security: Never store secrets in plain text outside of IGETIS Keyvault
  • Environment Separation: Use different projects for development, staging, and production secrets

Organization Tips for .NET Development

1. Consistent Naming

Develop naming conventions that match your .NET configuration structure

  • Projects: "ApplicationName-Environment" (e.g., "ECommerceAPI-Production", "WebApp-Development")
  • Secret Keys: Use exact .NET configuration key names (e.g., "ConnectionStrings:DefaultConnection", "EmailSettings:SmtpPassword")

2. Regular Cleanup

Remove or deactivate secrets you no longer need to keep vault organized

3. Documentation

Keep a record of which secrets map to which application configuration sections

4. Monitor Usage

Check the "Last Updates" column to identify unused secrets

5. Configuration Mapping

Maintain consistency between your appsettings.json structure and vault secret keys

6. Environment Strategy

Create separate projects for each deployment environment

Integration Best Practices for .NET

  • Use Exported Configurations: Always use the "Export (Appsetting.json)" feature for .NET project integration
  • Environment Management: Create separate vault projects for each environment (dev, staging, production)
  • Configuration Structure: Organize vault secrets to match your .NET application's configuration hierarchy
  • Secret Rotation: Use the "Edit" function to update secrets without application redeployment
  • Development Workflow: Developers use development vault project for local testing
  • Backup Strategy: Export configurations regularly and store them securely for disaster recovery
Troubleshooting

Common Issues and Solutions

Login Problems

  • Issue: "We can't find this email"
  • Solution: Verify your email address spelling or create a new account if needed

Registration Issues

  • Issue: "This email is already in use"
  • Solution: Use the login form instead, or reset your password if you forgot it

Email Verification

  • Issue: Didn't receive verification email
  • Solution: Check your spam folder, or try registering again

Password Reset

  • Issue: Reset link expired
  • Solution: Request a new password reset link

API Key Management

  • Issue: Can't find a specific API key
  • Solution: Use the search function or check pagination if you have many keys

Configuration Export

  • Issue: Need to integrate API key into application
  • Solution: Use the "Export (Appsetting.json)" action for ready-to-use configuration files

Key Status Issues

  • Issue: API key not working in application
  • Solution: Check if the key is "ACTIVE" - use "Deactivate/Activate" to toggle status

Accidental Deletion

  • Issue: Accidentally clicked "Remove"
  • Solution: "Remove" is permanent for both API keys and secrets - you'll need to create new ones. Use "Deactivate" for temporary disabling instead

Secrets Management

  • Issue: Can't find a specific secret
  • Solution: Use the search function by key name or check if it's under the correct project

Project Dependencies

  • Issue: Want to create secrets but no projects available in dropdown
  • Solution: Create projects first in the "My API & Keys" section, then return to "My Secrets"

Secret Values

  • Issue: Need to view or update a secret value
  • Solution: Use the "Edit" action from the three dots menu to view and modify secret values

Cross-Feature Integration

  • Issue: Confusion about the relationship between API keys and secrets
  • Solution: API keys provide authentication credentials for your .NET app to connect to the vault; secrets store the actual configuration values your app consumes at runtime

.NET Integration Issues

  • Issue: Application can't connect to vault
  • Solution: Verify the KeyVaultConfiguration in appsettings.json matches the exported configuration, ensure the API key is "ACTIVE", and confirm you have internet connectivity

Configuration Key Mapping

  • Issue: .NET application can't find expected configuration values
  • Solution: Ensure secret key names in the vault exactly match the configuration keys your .NET application expects (case-sensitive)

NuGet Package Issues

  • Issue: Package installation fails or compilation errors
  • Solution: Ensure you're using .NET 6+ and the correct package name: IGETIS.Keyvaults.AspNetCore

Runtime Loading Issues

  • Issue: Secrets not available at runtime
  • Solution: Verify that AddIgetisRemoteConfiguration(client.GetProjectKeys()) is called before building the configuration, and check that the vault project contains the expected secrets

Getting Help

  • Technical Support: Contact IGETIS support if you encounter technical issues
  • Account Issues: Use the password reset function for login problems
  • Feature Questions: Refer to this user guide or contact support for additional assistance
Conclusion

IGETIS Keyvault provides a comprehensive, secure solution specifically designed for .NET applications to manage secrets and configuration at runtime. This eliminates the need to store sensitive information in source code or configuration files.

Complete .NET Integration Solution:

My API & Keys:
  • Provides authentication credentials for your .NET application to connect to the vault
  • Exports ready-to-use appsettings.json configuration
  • Enables secure runtime communication between your app and the vault
  • Supports environment-specific access control
My Secrets:
  • Stores all sensitive configuration values your .NET application needs
  • Maps directly to your application's configuration structure
  • Enables dynamic secret loading at runtime
  • Supports complex configuration scenarios

Key Benefits for .NET Developers:

  • No Hardcoded Secrets: Keep sensitive values out of source code and config files
  • Runtime Configuration: Secrets are loaded dynamically when your application starts
  • Environment Management: Easy switching between development, staging, and production configurations
  • Centralized Control: Update secrets without redeploying applications
  • Team Collaboration: Share vault access without sharing actual secret values
  • Enhanced Security: Centralized secret management with access control and audit trails

By following this guide, you can:

  • Set up secure vault authentication for your .NET applications
  • Store and organize secrets that map to your application's configuration needs
  • Implement a complete runtime secret management solution
  • Maintain security best practices across development environments
  • Troubleshoot common integration issues

IGETIS Keyvault transforms how .NET applications handle sensitive configuration, moving from static file-based secrets to secure, dynamic runtime secret management. This approach significantly improves application security while simplifying deployment and configuration management across different environments.