Encrypt and decrypt byte arrays for secure data storage. Used for protecting sensitive information such as VMS credentials, integration secrets, and secure metadata.
| Method | Description |
|---|---|
EncryptData(byte[]) |
Encrypt a byte array |
DecryptData(byte[]) |
Decrypt a byte array |
GetDecryptionKey() |
Get the system encryption key |
| Use Case | Description |
|---|---|
| VMS Credentials | Encrypt video management system connection details |
| Integration Secrets | Protect API keys and passwords for third-party systems |
| Secure Metadata | Store encrypted data on objects |
| Image Data | Encrypt sensitive images before storage |
// Encrypt sensitive data
var sensitiveData = Encoding.UTF8.GetBytes("my-secret-password");
var encryptedData = await client.EncryptData(sensitiveData);
// Store encrypted data as metadata
await client.SetMetadataAsync(
controller,
"EncryptedCredentials",
Convert.ToBase64String(encryptedData)
);
// Later, retrieve and decrypt
var storedData = await client.GetMetadataAsync<string>(
controller,
"EncryptedCredentials"
);
var encryptedBytes = Convert.FromBase64String(storedData);
var decryptedBytes = await client.DecryptData(encryptedBytes);
var password = Encoding.UTF8.GetString(decryptedBytes);
// Get encryption key for manual operations
var (key, iv) = await client.GetDecryptionKey();
// Use with standard .NET cryptography
using var aes = Aes.Create();
aes.Key = key;
aes.IV = iv;
// Perform encryption/decryption...
| Consideration | Recommendation |
|---|---|
| Key Management | Keys are managed by the API - do not store locally |
| Transport | Always use HTTPS for API calls |
| Storage | Store encrypted data, never plaintext secrets |
| Access Control | Limit who can call encryption methods via roles |
Example in C#
// Returns: Byte
var item = await client.DecryptData(Byte data);
Decrypt a byte array that was previously encrypted using EncryptData. Returns the original plaintext bytes.
Task<byte[]> DecryptData(byte[] encryptedData)
| Parameter | Type | Description |
|---|---|---|
encryptedData |
byte[] |
The encrypted bytes to decrypt |
byte[] - The decrypted (original) byte array.
// Retrieve and decrypt stored password
var encryptedString = await client.GetMetadataAsync<string>(
obj,
"EncryptedPassword"
);
var encryptedBytes = Convert.FromBase64String(encryptedString);
var decryptedBytes = await client.DecryptData(encryptedBytes);
var password = Encoding.UTF8.GetString(decryptedBytes);
// Decrypt API credentials
var encrypted = await client.GetMetadataAsync<string>(obj, "Credentials");
var decrypted = await client.DecryptData(Convert.FromBase64String(encrypted));
var json = Encoding.UTF8.GetString(decrypted);
var credentials = JsonSerializer.Deserialize<ApiCredentials>(json);
| Use Case | Description |
|---|---|
| Retrieve VMS credentials | Decrypt video system connection details |
| Integration secrets | Recover API keys for third-party calls |
| Secure configuration | Decrypt stored configuration values |
API-side decryption: Decryption happens on the server. The encryption key never leaves the acre infrastructure.
Authorization required: Only users with appropriate permissions can decrypt data.
Example in C#
// Returns: Byte
var item = await client.EncryptData(Byte data);
Encrypt a byte array using the system encryption key. Returns encrypted bytes that can only be decrypted by the acre API.
Task<byte[]> EncryptData(byte[] data)
| Parameter | Type | Description |
|---|---|---|
data |
byte[] |
The plaintext bytes to encrypt |
byte[] - The encrypted byte array.
// Encrypt a password
var password = "my-secret-password";
var plainBytes = Encoding.UTF8.GetBytes(password);
var encryptedBytes = await client.EncryptData(plainBytes);
// Store as base64 string
var encryptedString = Convert.ToBase64String(encryptedBytes);
await client.SetMetadataAsync(obj, "EncryptedPassword", encryptedString);
// Encrypt API credentials
var credentials = new
{
ApiKey = "key-12345",
ApiSecret = "secret-value"
};
var json = JsonSerializer.Serialize(credentials);
var encrypted = await client.EncryptData(Encoding.UTF8.GetBytes(json));
| Use Case | Description |
|---|---|
| VMS credentials | Encrypt video system connection details |
| Integration secrets | Protect third-party API keys |
| Sensitive metadata | Store encrypted values on objects |
Example in C#
// Returns: Byte
var item = await client.GetDecryptionKey();
Overview of GetDecryptionKey goes here.