Closed MichaelSimons closed 6 years ago
@VenkateshSrini I recommend this article on configuring data protection key storage in Docker. It includes samples on how to persist keys to a different location or an external key repo.
https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview
Closing for now as there isn't anything actionable yet. We can reopen if you are still having issues.
Copied from https://github.com/dotnet/dotnet-docker/issues/295 by @VenkateshSrini
Steps to reproduce the issue
Expected behavior
Should run with out any warning.
Actual behavior
I get an warning saying
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60] Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container . Protected data will be unavailable when container is destroyed.
Additional information (e.g. issue happens only occasionally)
Output of
docker version
I need a method to persist these keys even when the container is destroyed
Copied from https://github.com/dotnet/dotnet-docker/issues/295#issuecomment-329654893 by @natemcmaster Seems like a good candidate for aspnetcore documentation. https://github.com/aspnet/docs There are some docs already, but none for docker-specific scenarios.
Basically, you'll need to store the keys in a folder that is docker volume (i.e. shared volme or a host mounted volume), or you'll need to store them in an external provider, like Azure Key Vault or Redis.
cref https://github.com/aspnet/DataProtection/issues/185
_Copied from https://github.com/dotnet/dotnet-docker/issues/295#issuecomment-329964972 by @VenkateshSrini @natemcmaster, I have tried to mount a volume like this docker run -v d:/venkatesh/aspnetcore/2.0/containerdasample/publish/containerapp/keys:/root/.aspnet/dataprotection-keys -p 5000:80 --name containerda containerda-img In this I would expect the key to be stored in mounted volume but even after that I keep getting this error. I do not want to loose the encryption key. Can you please share me some link that has sample solution to this problem