Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Configuring the DataProtection options via appsettings.json file

See original GitHub issue

Summary

Currently, it seems the DataProtection settings need to be configured via code. We are looking for support via appsettings.json or in general via configuration without recompiling the application for different deployment environment types.

Motivation and goals

As developers, we would like to code once and deploy in various environment types by tuning the configuration. Currently, the DataProtection configuration seems to support only via code. Though we can read configuration in a custom way, it would be great if the library provides the configuration options out of box.

In scope

Configure the DataProtection options from appsettings.json. In code, we will be adding services.AddDataProtection();

Out of scope

Risks / unknowns

How might developers misinterpret/misuse this? How might implementing it restrict us from other enhancements in the future? Also list any perf/security/correctness concerns.

Examples

services.AddDataProtection() - This will be loading the settings from the appsettings.json before defaulting to the values in the code.

ex: By default, the keys are stores at %USERPROFILE%\AppData\Local\ASP.NET\DataProtection-Keys. To change this folder we have to write code. This path should be configurable via appsettings.json

Issue Analytics

State:
Created 8 months ago
Comments:10 (6 by maintainers)

Top GitHub Comments

1reaction

davidfowlcommented, Jan 14, 2023

I think it’s reasonable to provide a way to configure this (answering some of these questions)

0reactions

joymoncommented, Jan 18, 2023

The problem with using config is there is no common config between the providers, unlike the logging example @davidfowl talks about. The file path is unique to the file keyring provider, the key vault location is unique to keyvault etc.

Given there’s a way to check environments already that would be the approach I’d take in my program.cs

@blowdart I agree that the settings are different for different providers. Though not exactly the same, the logging also works similarly. If we are logging into the console, no or very fewer options, but if it’s to Azure App Insights, it requires an instrumentation key. I am not able to envision how the JSON should look as I am not aware of all the options. Once I am free from the busy schedule I will put some through. Hope by the time the current team get some time to look at this featue.