Installation
Tayra is distributed as a set of NuGet packages. Install only what you need — Tayra.Core is the only required package.
Core Package
Every Tayra project needs the core package:
dotnet add package Tayra.CoreInstall-Package Tayra.CoreKey Store Packages
Tayra.Core includes a built-in InMemoryKeyStore for unit tests and throwaway demos — no additional package is needed to get started.
| Package | Use Case |
|---|---|
| (built into Tayra.Core) | Unit tests and throwaway demos (InMemoryKeyStore — keys lost on restart) |
Tayra.KeyStore.Sqlite | Local development — zero-config, file-based, persistent across restarts |
Tayra.KeyStore.PostgreSql | Local development, or self-managed production (with hardening) |
Tayra.KeyStore.Vault | Production — HashiCorp Vault KV v2 |
Tayra.KeyStore.AzureKeyVault | Production — Azure Key Vault secrets |
Tayra.KeyStore.AwsParameterStore | Production — AWS Systems Manager Parameter Store |
Key Store Security
Tayra.KeyStore.Sqlite is for local development only. Tayra.KeyStore.PostgreSql can be used in production with proper hardening — see the Production Security Guide. For production without self-managed hardening, use a secrets manager (Vault, Azure Key Vault, or AWS KMS).
For production, choose a secrets manager:
dotnet add package Tayra.KeyStore.Vaultdotnet add package Tayra.KeyStore.AzureKeyVaultdotnet add package Tayra.KeyStore.AwsParameterStoreFor local development with persistent keys:
dotnet add package Tayra.KeyStore.Sqlitedotnet add package Tayra.KeyStore.PostgreSqlCompliance Reporting Package
Tayra.Core already provides the technical foundation for GDPR compliance — field-level encryption, crypto-shredding, key rotation, audit trail, and all framework integrations. No additional package is needed to protect personal data.
The optional Tayra.Compliance package adds reporting and tooling on top: PII data maps (Art. 30), data subject access exports (Art. 15/20), breach notification reports (Art. 33/34), and formatted HTML compliance reports. This requires a Compliance edition license.
dotnet add package Tayra.ComplianceSee Licensing for edition details.
Integration Packages
Add framework integrations as needed:
| Package | Framework |
|---|---|
Tayra.EFCore | Entity Framework Core — transparent encrypt/decrypt via interceptors |
Tayra.Marten | Marten — document and event store encryption |
Tayra.Wolverine | Wolverine — message bus PII encryption middleware |
Tayra.MassTransit | MassTransit — message bus PII encryption filters |
Tayra.MediatR | MediatR — CQRS pipeline PII encryption behavior |
Tayra.NServiceBus | NServiceBus — incoming/outgoing pipeline PII encryption |
Tayra.Serilog | Serilog — automatic PII log scrubbing |
Tayra.Json | System.Text.Json — encrypt/decrypt during JSON serialization |
Tayra.MongoDB | MongoDB — collection-level PII encryption wrapper |
Tayra.AspNetCore | ASP.NET Core — response body PII scrubbing middleware |
dotnet add package Tayra.EFCoredotnet add package Tayra.Martendotnet add package Tayra.Wolverinedotnet add package Tayra.MassTransitdotnet add package Tayra.MediatRdotnet add package Tayra.NServiceBusdotnet add package Tayra.Serilogdotnet add package Tayra.Jsondotnet add package Tayra.MongoDBdotnet add package Tayra.AspNetCoreTarget Frameworks
All Tayra packages target .NET 8, 9, and 10:
| Target | Status |
|---|---|
net8.0 | Supported (LTS) |
net9.0 | Supported (STS) |
net10.0 | Supported (LTS) |
Roslyn Analyzers
The Tayra.Core package automatically includes Roslyn analyzers that validate PII attribute usage at compile time. No separate installation is needed.
| Rule | Description |
|---|---|
| TAYRA001 | Entity with [PersonalData] must have a [DataSubjectId] property |
| TAYRA002 | [DataSubjectId] must be on a Guid or string property |
| TAYRA003 | [PersonalData] on non-string requires [SerializedPersonalData] |
| TAYRA004 | [DeepPersonalData] must be on a class type, not a primitive |
Framework Compatibility
| Tayra | Marten | Wolverine | EF Core | ASP.NET Core | MassTransit | MediatR | NServiceBus | Serilog | MongoDB Driver |
|---|---|---|---|---|---|---|---|---|---|
| 1.x | 8.x | 5.x | 9.x | 9.x | 8.x | 12.x | 9.x | 4.x | 3.x |
CLI Tool
Tayra includes a .NET global tool for operational tasks:
dotnet tool install --global Tayra.CliSee CLI documentation for available commands.
Package Dependencies
Tayra.Core (standalone, zero framework deps — includes InMemoryKeyStore)
├── Tayra.Compliance → GDPR compliance reporting (PII inventory, access exports, breach reports)
├── Tayra.KeyStore.Sqlite → Microsoft.Data.Sqlite
├── Tayra.KeyStore.PostgreSql → Npgsql
├── Tayra.KeyStore.Vault → VaultSharp
├── Tayra.KeyStore.AzureKeyVault → Azure.Security.KeyVault.Secrets
├── Tayra.KeyStore.AwsParameterStore → AWSSDK.SimpleSystemsManagement
├── Tayra.EFCore → Microsoft.EntityFrameworkCore
├── Tayra.Marten → Marten
├── Tayra.Wolverine → WolverineFx
├── Tayra.MassTransit → MassTransit
├── Tayra.MediatR → MediatR
├── Tayra.NServiceBus → NServiceBus
├── Tayra.Serilog → Serilog
├── Tayra.Json → System.Text.Json
├── Tayra.MongoDB → MongoDB.Driver
└── Tayra.AspNetCore → Microsoft.AspNetCore (SDK)Central Package Management
If you use multiple Tayra packages, consider Central Package Management to keep all Tayra package versions in sync from a single Directory.Packages.props file.