search

aspnet / aspnet-docker

[Archived] ASP.NET Core Docker images for 1.x. Go to https://github.com/dotnet/dotnet-docker for 2.1 and up.
https://asp.net
719 stars 171 forks source link

Save Data protection keys even after container is destroyed #303

Closed MichaelSimons closed 6 years ago

MichaelSimons commented 7 years ago

Copied from https://github.com/dotnet/dotnet-docker/issues/295 by @VenkateshSrini

Steps to reproduce the issue

  1. Run an aps.net core app using the command docker run -p 5000:80 --name containerda containerda-img

Expected behavior

Should run with out any warning.

Actual behavior

I get an warning saying

warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60] Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container . Protected data will be unavailable when container is destroyed.

Additional information (e.g. issue happens only occasionally)

Output of docker version

Docker version 17.06.2-ce, build cec0b72

I need a method to persist these keys even when the container is destroyed

Copied from https://github.com/dotnet/dotnet-docker/issues/295#issuecomment-329654893 by @natemcmaster Seems like a good candidate for aspnetcore documentation. https://github.com/aspnet/docs There are some docs already, but none for docker-specific scenarios.

Basically, you'll need to store the keys in a folder that is docker volume (i.e. shared volme or a host mounted volume), or you'll need to store them in an external provider, like Azure Key Vault or Redis.

cref https://github.com/aspnet/DataProtection/issues/185

_Copied from https://github.com/dotnet/dotnet-docker/issues/295#issuecomment-329964972 by @VenkateshSrini @natemcmaster, I have tried to mount a volume like this docker run -v d:/venkatesh/aspnetcore/2.0/containerdasample/publish/containerapp/keys:/root/.aspnet/dataprotection-keys -p 5000:80 --name containerda containerda-img In this I would expect the key to be stored in mounted volume but even after that I keep getting this error. I do not want to loose the encryption key. Can you please share me some link that has sample solution to this problem

natemcmaster commented 6 years ago

@VenkateshSrini I recommend this article on configuring data protection key storage in Docker. It includes samples on how to persist keys to a different location or an external key repo.

https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview

Closing for now as there isn't anything actionable yet. We can reopen if you are still having issues.