Knowit.NemLogin.AzureKeyVault 0.1.0

dotnet add package Knowit.NemLogin.AzureKeyVault --version 0.1.0
                    

Knowit.NemLogin.AzureKeyVault

Azure Key Vault certificate provider for Knowit.NemLogin. Lets the SP signing + encryption certs live in Key Vault and rotate without redeploys.

Package family

| Package | Role |
|---|---|
| Knowit.NemLogin | Core SAML primitives, framework-agnostic (pulled in transitively) |
| Knowit.NemLogin.Web | ASP.NET Core authentication handler + endpoint mappings |
| Knowit.NemLogin.Umbraco | Umbraco Members integration — auto-provisioning, group mapping, Members-scheme sign-in |
| Knowit.NemLogin.AzureKeyVault | ICertificateProvider backed by Azure Key Vault — keep SP signing/encryption certs out of source control. (you are here) |

What's in this package

  • AzureKeyVaultCertificateProvider: ICertificateProvider implementation that resolves CertificateReference.FromKeyVault(...) entries via the Azure SDK. File and Store references fall through to the default in-box provider.
  • AddNemLoginAzureKeyVault() extension on IServiceCollection — replaces the default ICertificateProvider with the Key Vault-aware one. Idempotent.
  • Uses DefaultAzureCredential by default — picks up Managed Identity, AZURE_* env vars, or developer credentials in the standard order. Pass a TokenCredential to override.
  • Per-(vault, name, version) in-process cache so the first sign-in after startup hits Key Vault; subsequent sign-ins do not.

Quick start

// Register the Key Vault provider BEFORE configuring NemLoginOptions
// (the auth-builder AddNemLogin call uses TryAddSingleton, so the first
// registration wins).
builder.Services.AddNemLoginAzureKeyVault();

builder.Services.Configure<NemLoginOptions>(o =>
{
    var vault = new Uri(builder.Configuration["NemLogin:KeyVaultUri"]!);
    o.SigningCertificates.Add(CertificateReference.FromKeyVault(vault, "nemlogin-signing"));
    o.EncryptionCertificates.Add(CertificateReference.FromKeyVault(vault, "nemlogin-encryption"));
});

CertificateReference.FromKeyVault(vaultUri, name) resolves to the "latest enabled" version, so uploading a new version rotates the cert on the next cache refresh or restart. Pin to a specific version via the third parameter when you need predictable rollouts:

o.SigningCertificates.Add(
    CertificateReference.FromKeyVault(vault, "nemlogin-signing", version: "<sha>"));
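
A pre-flight check for a deployment pipeline, as an added example that is not part of the package or its repository: it uses the Azure SDK directly (Azure.Identity, Azure.Security.KeyVault.Certificates) to confirm that the running identity can read both quick-start certificates, that each has a private key and is not close to expiry, and it prints the version id to use when pinning. The vault URI argument and the 30-day threshold are assumptions.

```csharp
using System;
using System.Collections.Generic;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Certificates;

// Assumptions: the vault URI is the first argument; the names are the ones used
// in the quick start; 30 days is an arbitrary warning threshold.
var vault = new Uri(args[0]);
string[] names = { "nemlogin-signing", "nemlogin-encryption" };
var warnBefore = DateTimeOffset.UtcNow.AddDays(30);

// Same credential chain the package documents as its default.
var client = new CertificateClient(vault, new DefaultAzureCredential());
var failures = 0;

foreach (var name in names)
{
    try
    {
        // Metadata of the current version; needs certificates/get.
        KeyVaultCertificateWithPolicy meta = (await client.GetCertificateAsync(name)).Value;
        var props = meta.Properties;

        // The full download also needs secrets/get: the private key is served
        // through the secret that backs the certificate.
        using var cert = (await client.DownloadCertificateAsync(name, props.Version)).Value;

        var problems = new List<string>();
        if (props.Enabled != true) problems.Add("version is disabled");
        if (!cert.HasPrivateKey) problems.Add("no private key (key not exportable?)");
        if (props.ExpiresOn is { } exp && exp < warnBefore) problems.Add($"expires {exp:u}");

        // The version id printed here is the value to pass when pinning.
        Console.WriteLine($"{name} version={props.Version} thumbprint={cert.Thumbprint} " +
            (problems.Count == 0 ? "OK" : "FAIL: " + string.Join("; ", problems)));
        if (problems.Count > 0) failures++;
    }
    catch (RequestFailedException ex)
    {
        // 403: the identity lacks access; 404: wrong vault or certificate name.
        Console.WriteLine($"{name} FAIL: HTTP {ex.Status} {ex.ErrorCode}");
        failures++;
    }
}
return failures == 0 ? 0 : 1;
```

Run it under the same identity the application uses, so a missing access assignment shows up before the first sign-in rather than during it.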

Repository

github.com/mustap/Knowit-NemLogin — production checklist (§2 Certificates), operational runbook (cert-rotation procedure).

License

MIT — see LICENSE.

Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

| Version | Downloads | Last Updated |
|---|---|---|
| 0.1.0 | 78 | 5/13/2026 |