docs: add Post-Quantum TLS support section to README (#192)

Description

Why is this change being made?

Users need to know whether and how Post-Quantum TLS is supported when using this caching library across different platforms.

What is changing?

Added a “Post-Quantum TLS Support” section to the README documenting platform-specific PQ TLS availability and requirements.

Issue #, if available:

Testing

How was this tested?

Documentation-only change; no functional code was modified.

When testing locally, provide testing artifact(s):

Verified README renders correctly using markdown preview.

Reviewee Checklist

Update the checklist after submitting the PR

I have reviewed, tested and understand all changes If not, why:
I have filled out the Description and Testing sections above If not, why:
Build and Unit tests are passing If not, why:
Unit test coverage check is passing If not, why:
[] Integration tests pass locally If not, why:
I have updated integration tests (if needed) If not, why:
I have ensured no sensitive information is leaking (i.e., no logging of sensitive fields, or otherwise) If not, why:
I have added explanatory comments for complex logic, new classes/methods and new tests If not, why:
I have updated README/documentation (if needed) If not, why:
I have clearly called out breaking changes (if any) If not, why:

Reviewer Checklist

All reviewers please ensure the following are true before reviewing:

Reviewee checklist has been accurately filled out
Code changes align with stated purpose in description
Test coverage adequately validates the changes

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Co-authored-by: Vedant Jaiswal vedjasy@amazon.com Co-authored-by: Simon Marty simon.marty0@gmail.com

AWS Secrets Manager Caching Client for .NET

The AWS Secrets Manager caching client enables in-process caching of secrets for .NET applications.

Required Prerequisites

To use this client, you must have:

A .NET project with one of the following:
- .NET Framework 4.6.2 or higher
- .NET Standard 2.0 or higher
An Amazon Web Services (AWS) account to access secrets stored in AWS Secrets Manager and use AWS SDK for .NET.
- To create an AWS account, go to Sign In or Create an AWS Account and then choose I am a new user. Follow the instructions to create an AWS account.
- To create a secret in AWS Secrets Manager, go to Creating Secrets and follow the instructions on that page.
- To download and install the AWS SDK for .NET, go to Installing the AWS SDK for .NET in the AWS SDK for .NET documentation and then follow the instructions on that page.

Download

You can get the latest release from Nuget:

<ItemGroup>
     <PackageReference Include="AWSSDK.SecretsManager.Caching" Version="2.*" />
</ItemGroup>

Getting Started

The following code sample demonstrates how to start using the caching client:

using System;
using Amazon.SecretsManager.Extensions.Caching.SecretsManagerCache;

namespace LambdaExample {
    public class CachingExample 
    {
        private SecretsManagerCache cache = new SecretsManagerCache();
        private const String MySecretName = "MySecret";

        public async Task<Response> FunctionHandlerAsync(String input, ILambdaContext context)
        {
            String MySecret = await cache.GetSecretString(MySecretName);
            ...
        }
    }
}

After instantiating the cache, retrieve your secret using GetSecretString or GetSecretBinary.
On successive retrievals, the cache will return the cached copy of the secret.
Learn more about AWS Lambda Function Handlers in C#.

Cache Configuration

You can configure the SecretCacheConfiguration object with the following parameters:

CacheItemTTL - The TTL of a Cache item in milliseconds. The default value is 3600000 ms, or 1 hour.
MaxCacheSize - The maximum number of items the Cache can contain before evicting using LRU. The default value is 1024.
VersionStage - The Version Stage the Cache will request when retrieving secrets from Secrets Manager. The default value is AWSCURRENT.
Client - The Secrets Manager client to be used by the Cache. The default value is null, which causes the Cache to instantiate a new Secrets Manager client.
CacheHook - An implementation of the ISecretCacheHook interface. The default value is null.

Post-Quantum TLS Support

This library automatically supports Post-Quantum TLS when available on the underlying platform:

macOS: Requires .NET 10+ and export DOTNET_SYSTEM_NET_SECURITY_USENETWORKFRAMEWORK=1
Linux: Works with OpenSSL 3.5+
Windows: Not yet supported

Getting Help

We use GitHub issues for tracking bugs and caching library feature requests and have limited bandwidth to address them. Please use these community resources for getting help:

Ask a question on Stack Overflow and tag it with aws-secrets-manager.
Open a support ticket with AWS Support.
If it turns out that you may have found a bug, please open an issue.

License

This library is licensed under the Apache 2.0 License.