In-Memory Key Store

The in-memory key store uses a ConcurrentDictionary to hold encryption keys in process memory. It requires no configuration and no external dependencies, making it the simplest way to get started with Tayra.

Built Into Tayra.Core

InMemoryKeyStore is built into the Tayra.Core package -- no separate NuGet package is needed. When you call AddTayra() without chaining a key store, Tayra defaults to the in-memory key store and logs a warning reminding you to configure a production key store.

When to Use

• Local development -- Get started without standing up a database or secrets manager.
• Unit tests -- Fast, deterministic, no cleanup needed.
• Integration tests -- Isolate tests from external infrastructure.
• Prototyping -- Quickly evaluate Tayra features before choosing a production key store.

Setup

The in-memory key store is the default, so no explicit registration is required:

// InMemoryKeyStore is used by default
services.AddTayra(opts => opts.LicenseKey = licenseKey);

Not for Production

The in-memory key store holds all keys in a ConcurrentDictionary. Keys are lost when the process exits. Never use this key store in production -- if the process restarts, all encryption keys are gone and encrypted data becomes permanently unreadable.

Thread Safety

InMemoryKeyStore is fully thread-safe. It uses ConcurrentDictionary internally, so concurrent reads, writes, and deletes are safe without external synchronization.

Behavior Notes

• StoreAsync is idempotent. Storing a key that already exists is a no-op.
• GetAsync returns null for deleted or non-existent keys, which triggers replacement values during decryption.
• DeleteByPrefixAsync removes all keys whose IDs start with the given prefix.
• ListKeyIdsAsync and GetKeysCreatedBeforeAsync are fully supported.

See Also

• Key Stores Overview -- Comparison of all providers
• PostgreSQL Key Store -- Production-ready alternative
• Custom Key Store -- Build your own IKeyStore