Multiple dataprotection providers for migration/fallback
Is your feature request related to a problem? Please describe.
I’m not sure if this is possible at all since the documentation feels rather scarce when it comes to changes to the data protection stores, but we have 2 different migration issues here with changing Data Protection providers:
- We want to migrate our existing DataProtection keys from one data store to another, relying on the implementation itself to do the work of creating and storing the missing keys rather than us having to work out exactly how the format is different between providers.
- We’ve realised after the fact that we should have set the application name for the DataProtection config since we now want to share the existing keys with multiple applications. Adding a name now seems to log out all users which is really not a viable option on a consumer website (last time it happened when we migrated from ASP.NET to Core, we were getting emails about a “bug” and forgotten password issues for months).
Describe the solution you’d like
If any of the above is already possible, it’d be ideal to include it in the documentation.
If it’s not already possible, ideally we’d like to see the following features:
- The ability to add multiple DataProtection key stores, with the expectation that the key stores have their keys reconciled (maybe have multiple ReconciliationStrategies, such as merge and override?) and maintained at a synchronised state.
- The ability to either add a new ApplicationName for data protection with the expectation that keys referring to the old name are migrated, or, similar to above, the ability to add multiple application names and have identical keys maintained for both names.
- Pertaining to #1, if there are already multiple key stores defined, the ability to use a synced key store for fallback might be a welcome addition in certain scenarios such as in the case of geo-replicated Kubernetes clusters, but this is really more of an optional idea if there are already multiple key stores anyway.
These could be either implemented via a new IKeyManager or IXmlRepository store, or implemented directly in the core of the data protection system. I can see pros on both sides of this issue.
Issue Analytics
- State:
- Created 3 years ago
- Reactions:2
- Comments:6 (4 by maintainers)
Top GitHub Comments
@GrabYourPitchforks regarding your suggested configuration approach, for creating the nested protector instances would you need to create nested instances in their own service containers?
I’m imagining something like this:
I might have expected to be able to use DataProtectionProvider.Create, but that method seems to limit your persistence/protection options.
enhancement seems like an appropriate label. The extensibility hooks to allow this already exist. If this is a common enough scenario then it’d be useful to provide a vetted implementation in-box.
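One way to use the existing IXmlRepository hook mentioned in the last comment for the store-to-store migration, as an added example that is not from the issue thread or from ASP.NET Core itself: a hypothetical MigratingXmlRepository that wraps two repositories, reads from both and copies missing elements into the new store. It assumes the application can still decrypt elements written by the legacy store (the matching XML decryptor is available) and that both stores return elements in a stable serialized form.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Xml.Linq;
using Microsoft.AspNetCore.DataProtection.Repositories;

// Hypothetical class, not part of ASP.NET Core.
public sealed class MigratingXmlRepository : IXmlRepository
{
    private readonly IXmlRepository _target; // new store, receives all writes
    private readonly IXmlRepository _legacy; // old store, only ever read

    public MigratingXmlRepository(IXmlRepository target, IXmlRepository legacy)
    {
        _target = target ?? throw new ArgumentNullException(nameof(target));
        _legacy = legacy ?? throw new ArgumentNullException(nameof(legacy));
    }

    public IReadOnlyCollection<XElement> GetAllElements()
    {
        var merged = _target.GetAllElements().ToList();
        var known = new HashSet<string>(merged.Select(Identity), StringComparer.Ordinal);

        foreach (var element in _legacy.GetAllElements())
        {
            if (!known.Add(Identity(element)))
                continue; // already present in the new store

            // Copy the element exactly as stored (still encrypted at rest by
            // whatever wrote it) so the legacy store can be retired later.
            _target.StoreElement(new XElement(element), FriendlyName(element));
            merged.Add(element);
        }
        return merged.AsReadOnly();
    }

    // New keys and revocations go to the new store only.
    public void StoreElement(XElement element, string friendlyName)
        => _target.StoreElement(element, friendlyName);

    // <key id="..."> elements are matched by id; elements without an id
    // attribute (such as <revocation>) are matched by their serialized form.
    private static string Identity(XElement e)
        => e.Name.LocalName + ":" + ((string)e.Attribute("id")
           ?? e.ToString(SaveOptions.DisableFormatting));

    private static string FriendlyName(XElement e)
        => e.Name.LocalName + "-" + ((string)e.Attribute("id") ?? Guid.NewGuid().ToString());
}
```

An instance can be assigned to KeyManagementOptions.XmlRepository in place of a single store. It only covers the key-store migration; it does nothing for the application-name change, which affects how payloads are protected rather than where keys are kept.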