.. _data-protection-implementation-key-storage-ephemeral:

Ephemeral data protection providers
===================================

There are scenarios where an application needs a throwaway IDataProtectionProvider. For example, the developer might just be experimenting in a one-off console application, or the application itself is transient (it's scripted or a unit test project). To support these scenarios the package Microsoft.AspNet.DataProtection includes a type EphemeralDataProtectionProvider. This type provides a basic implementation of IDataProtectionProvider whose key repository is held solely in-memory and isn't written out to any backing store.

Each instance of EphemeralDataProtectionProvider uses its own unique master key. Therefore, if an IDataProtector rooted at an EphemeralDataProtectionProvider generates a protected payload, that payload can only be unprotected by an equivalent IDataProtector (given the same :ref:`purpose <data-protection-consumer-apis-purposes>` chain) rooted at the same EphemeralDataProtectionProvider instance.

The following sample demonstrates instantiating an EphemeralDataProtectionProvider and using it to protect and unprotect data.

.. code-block:: c#

	using System;
	using Microsoft.AspNet.DataProtection;
	 
	public class Program
	{
	    public static void Main(string[] args)
	    {
	        const string purpose = "Ephemeral.App.v1";
	 
	        // create an ephemeral provider and demonstrate that it can round-trip a payload
	        var provider = new EphemeralDataProtectionProvider();
	        var protector = provider.CreateProtector(purpose);
	        Console.Write("Enter input: ");
	        string input = Console.ReadLine();
	 
	        // protect the payload
	        string protectedPayload = protector.Protect(input);
	        Console.WriteLine($"Protect returned: {protectedPayload}");
	 
	        // unprotect the payload
	        string unprotectedPayload = protector.Unprotect(protectedPayload);
	        Console.WriteLine($"Unprotect returned: {unprotectedPayload}");
	 
	        // if I create a new ephemeral provider, it won't be able to unprotect existing
	        // payloads, even if I specify the same purpose
	        provider = new EphemeralDataProtectionProvider();
	        protector = provider.CreateProtector(purpose);
	        unprotectedPayload = protector.Unprotect(protectedPayload); // THROWS
	    }
	}
	 
	/*
	 * SAMPLE OUTPUT
	 *
	 * Enter input: Hello!
	 * Protect returned: CfDJ8AAAAAAAAAAAAAAAAAAAAA...uGoxWLjGKtm1SkNACQ
	 * Unprotect returned: Hello!
	 * << throws CryptographicException >>
	 */