feat(security): secret-at-rest via host IDataProtectionProvider (M3c) #72

Description

@williamdewitt

Part of #9 (M3 epic). Decomposed slice M3c. risk:critical — human-merge + design update. Not agent-labelled yet. Independent of M3a/M3b.

Acceptance criteria

  • Endpoint secrets protected at rest using the host's IDataProtectionProvider (encrypt on store, decrypt on use).
  • A documented, safe behaviour when no provider is configured (explicit opt-in / clear failure — never silent plaintext).
  • No plaintext secret persisted when protection is configured.
  • Tests cover protect/unprotect round-trip + the no-provider path.
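One way to meet these criteria, as an added example rather than code from this project: a small `IEndpointSecretProtector` abstraction that wraps the host's `IDataProtectionProvider`, plus a fail-closed fallback that refuses both operations when no provider is registered. The interface, class and purpose-string names are assumptions; only `IDataProtectionProvider`, `CreateProtector`, `Protect`/`Unprotect` and `EphemeralDataProtectionProvider` are real ASP.NET Core Data Protection APIs.

```csharp
using System;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using Xunit;

// Hypothetical abstraction over "encrypt on store, decrypt on use".
public interface IEndpointSecretProtector
{
    string Protect(string plaintextSecret);
    string Unprotect(string protectedSecret);
}

public sealed class DataProtectionSecretProtector : IEndpointSecretProtector
{
    // Purpose string isolates these keys from other protectors in the host (assumed name).
    private const string Purpose = "EndpointSecrets.v1";
    private readonly IDataProtector _protector;

    public DataProtectionSecretProtector(IDataProtectionProvider provider)
    {
        ArgumentNullException.ThrowIfNull(provider);
        _protector = provider.CreateProtector(Purpose);
    }

    public string Protect(string plaintextSecret) => _protector.Protect(plaintextSecret);

    // Unprotect throws CryptographicException on tampered or foreign-key payloads; let it surface.
    public string Unprotect(string protectedSecret) => _protector.Unprotect(protectedSecret);
}

// No-provider path: fail loudly instead of silently persisting plaintext.
public sealed class UnconfiguredSecretProtector : IEndpointSecretProtector
{
    private const string Message =
        "Secret-at-rest protection requires a configured IDataProtectionProvider " +
        "(call services.AddDataProtection()). Refusing to store or read endpoint secrets.";

    public string Protect(string plaintextSecret) => throw new InvalidOperationException(Message);
    public string Unprotect(string protectedSecret) => throw new InvalidOperationException(Message);
}

public static class SecretProtectionRegistration
{
    // Resolve the host provider if present; otherwise bind the fail-closed fallback.
    public static IServiceCollection AddEndpointSecretProtection(this IServiceCollection services) =>
        services.AddSingleton<IEndpointSecretProtector>(sp =>
        {
            var provider = sp.GetService<IDataProtectionProvider>();
            return provider is null
                ? new UnconfiguredSecretProtector()
                : new DataProtectionSecretProtector(provider);
        });
}

public class SecretProtectorTests
{
    [Fact]
    public void RoundTrip_RecoversSecret_AndStoredFormIsNotPlaintext()
    {
        // Ephemeral provider keeps keys in memory; suitable for tests only.
        var sut = new DataProtectionSecretProtector(new EphemeralDataProtectionProvider());
        const string secret = "example-webhook-secret"; // constructed sample value

        var stored = sut.Protect(secret);

        Assert.NotEqual(secret, stored);
        Assert.DoesNotContain(secret, stored);
        Assert.Equal(secret, sut.Unprotect(stored));
    }

    [Fact]
    public void TamperedPayload_IsRejected()
    {
        var sut = new DataProtectionSecretProtector(new EphemeralDataProtectionProvider());
        var stored = sut.Protect("example-webhook-secret");
        var tampered = stored.Substring(0, stored.Length - 1) + (stored[^1] == 'A' ? 'B' : 'A');

        Assert.Throws<CryptographicException>(() => sut.Unprotect(tampered));
    }

    [Fact]
    public void NoProvider_FailsClosed()
    {
        var services = new ServiceCollection().AddEndpointSecretProtection();
        var sut = services.BuildServiceProvider().GetRequiredService<IEndpointSecretProtector>();

        Assert.IsType<UnconfiguredSecretProtector>(sut);
        Assert.Throws<InvalidOperationException>(() => sut.Protect("example-webhook-secret"));
    }
}
```

The registration helper deliberately does not fall back to plaintext; if a plaintext mode is ever wanted for local development it should be a separate, explicit opt-in binding rather than the default branch above. Unprotect failures are left as `CryptographicException` so that callers can log a key-ring or tampering problem instead of treating an undecryptable secret as empty.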

Definition of done

  • Builds net8.0+net10.0, 0 warnings; tests green; linked design update (docs/concepts/security.md).

Design: docs/concepts/security.md.

Metadata

Assignees

No one assigned

    Labels

      • area:security — SSRF guard, signing, secret-at-rest, receiver verify
      • priority:p2 — Normal priority
      • ready — Has acceptance criteria + DoD; pickable by the loop
      • risk:critical — SSRF/signing/secret/public-API/migrations; review + design (Opus, max)
      • type:feat — New feature

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests