How to pass custom encryption key to RavenDB client?

[dtaalbers]

I am running a RavenDB cloud instance. The databases are created by my software. How do I pass in a custom encryption key when creating an encrypted database? I've tried it like this, the database is created but it can't be loaded by RavenDB studio with a load errors. Any help would be appreciated!

var record = new DatabaseRecord(name)
{
    Encrypted = true,
    Settings =
    {
        ["Security.MasterKey"] = encryptionKeyBase64 
    }
};

await store.Maintenance.Server.SendAsync(new CreateDatabaseOperation(record, 3));

[ayende]

That isn't quite how this work. The master key for a database is not part of the global state of the cluster.
Instead, it is a local state for each node, and you mark the database as encrypted.

In other words, we create a secret key with the name of the database, and then create the database for that.

fetch("https://a.books.ravendb.run/admin/secrets/distribute?name=test&node=A", {
  "referrer": "https://a.books.ravendb.run/studio/index.html",
  "body": "XqkQTscDtg2V22HEhxNfrWMA1qdHuppV3jNgegXKZx8=",
  "method": "POST"
});

The reason for that is that we keep strict separation of the secrets from anything else, and you can run with different keys for each node in the cluster.
The Distribute endpoint push the secret value to the specified nodes, skipping the need to do that manually.

[ayende]

Note that we are missing a public API to do that, it seems.
See: https://github.com/ravendb/ravendb/blob/v6.2/src/Raven.Studio/typescript/commands/database/secrets/distributeSecretCommand.ts

There is no C# equivalent. But it should be simple to create one.

[dtaalbers]

Sorry, I completely missed this. Is this something you willing to add to the C# client? For now I can use the POST? I guess I need to send this post request to each of the nodes separately?

[georgiosd]

@dtaalbers I had to do this for one of our projects, here you go:

 private async Task SetDatabaseSecretAsync(string encryptionKey)
    {
        var handler = new HttpClientHandler
        {
            ClientCertificateOptions = ClientCertificateOption.Manual,
            ClientCertificates = { RavenHelper.LoadServerCertificate()! }
        };

        var http = new HttpClient(handler);

        var response = await http.PostAsync($"{RavenHelper.GetDatabaseUrl(env)}/admin/secrets?name={RavenHelper.DatabaseName}",
            new StringContent(encryptionKey, Encoding.UTF8, "text/plain"));

        string responseContent = await response.Content.ReadAsStringAsync();

        try
        {
            response.EnsureSuccessStatusCode();
        }
        catch (HttpRequestException ex)
        {
            throw new InvalidOperationException(responseContent, ex);
        }
    }

Note that this is the way to use it:

            if (shouldEncrypt)
            {
                await SetDatabaseSecretAsync(model.EncryptionKey);
            }

            try
            {
                await store.Maintenance.Server.SendAsync(
                    new CreateDatabaseOperation(
                        new DatabaseRecord(RavenHelper.DatabaseName)
                        {
                            Encrypted = shouldEncrypt
                        }));
            }
            catch (Exception ex) when (ex.Message.Contains("was created but is not accessible"))
            {
                // ignore - seems that the database is created but the validation
                // callback is not respected, and it fails
            }

[ayende]

And yes, we would love a pull request for that.