Allow data protection without writable storage #3272
Comments
This isn't a scenario we support.
@blowdart Does it mean that we cannot implement our own custom IDataProtectionProvider to create a custom IDataProtector? I think that is the case, but I would like to confirm that.
In your case, without some way to link the nodes to share a keyring, no, you'd be better off looking at encrypted XML and certificates, or some sort of pre-shared key mechanism.
Do you have a sample or link so I can read more about it? I am in a similar situation in that I don't have a fileshare and can't write to a DB. I would like to see what possible solutions I can have. Thanks,
@kevinlo I implemented a very bad possibly not cryptographically secure workaround that seems to suit my needs. I pass in the secret key via an envvar (using
Basically, I implement my own
@MatthewLymer So, your solution is, instead of creating a custom IDataProtectionProvider, you use a custom IKeyManager to generate a fixed key using a secret that never expires?
I have a server farm where I have no writable storage (no redis, fileshare, or database) but I would like to use the IDataProtectionProvider interfaces. One node will be sending data to another transitively through a 3rd-party.
Is there an implementation of IDataProtectionProvider that does not use the key-rotation logic that requires a writable storage?
I know of the EphemeralDataProtectionProvider which doesn't require a store, but this is useless in a server farm scenario. All other implementations look to require storing it in a filesystem, in azure, in redis, or whatever else.
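The pre-shared key mechanism suggested in the comments, as an added example: it is not ASP.NET Core's code, not the workaround posted in this thread, and not a configuration the maintainers support. It assumes .NET 8 and the Microsoft.AspNetCore.DataProtection.Abstractions package; the class name PreSharedKeyProtector and the environment variable DP_SHARED_KEY are hypothetical.

```csharp
// Added example, not ASP.NET Core code: one secret shared by every node, no key ring.
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Microsoft.AspNetCore.DataProtection;

public sealed class PreSharedKeyProtector : IDataProtector
{
    private const int NonceSize = 12, TagSize = 16;
    private readonly byte[] _master;     // shared secret, identical on every node
    private readonly string[] _purposes; // purpose chain, isolates consumers from each other
    private readonly byte[] _key;        // AES-256 key derived for this purpose chain

    public PreSharedKeyProtector(byte[] master, params string[] purposes)
    {
        if (master.Length < 32) throw new ArgumentException("Need at least 32 bytes of key material.");
        (_master, _purposes) = (master, purposes);
        // Length-prefix each purpose (big-endian) so ["ab","c"] and ["a","bc"] derive different keys.
        byte[] info = purposes.Select(p => Encoding.UTF8.GetBytes(p)).SelectMany(b =>
            new[] { (byte)(b.Length >> 24), (byte)(b.Length >> 16), (byte)(b.Length >> 8), (byte)b.Length }
                .Concat(b)).ToArray();
        _key = HKDF.DeriveKey(HashAlgorithmName.SHA256, master, 32, salt: null, info: info);
    }

    // Hypothetical variable name; expects base64 of 32+ random bytes injected at deploy time.
    public static PreSharedKeyProtector FromEnvironment(string variable = "DP_SHARED_KEY") =>
        new(Convert.FromBase64String(Environment.GetEnvironmentVariable(variable)
            ?? throw new InvalidOperationException(variable + " is not set.")));

    public IDataProtector CreateProtector(string purpose) =>
        new PreSharedKeyProtector(_master, _purposes.Append(purpose).ToArray());

    public byte[] Protect(byte[] plaintext)
    {
        byte[] output = new byte[NonceSize + plaintext.Length + TagSize]; // nonce || ciphertext || tag
        Span<byte> nonce = output.AsSpan(0, NonceSize);
        RandomNumberGenerator.Fill(nonce); // random nonce: stay far below 2^32 messages per key
        using var aes = new AesGcm(_key, TagSize);
        aes.Encrypt(nonce, plaintext, output.AsSpan(NonceSize, plaintext.Length),
            output.AsSpan(NonceSize + plaintext.Length));
        return output;
    }
    public byte[] Unprotect(byte[] protectedData)
    {
        int n = protectedData.Length - NonceSize - TagSize;
        if (n < 0) throw new CryptographicException("Payload too short.");
        byte[] plaintext = new byte[n];
        using var aes = new AesGcm(_key, TagSize); // Decrypt throws CryptographicException on a wrong key, purpose, or tampering
        aes.Decrypt(protectedData.AsSpan(0, NonceSize), protectedData.AsSpan(NonceSize, n), protectedData.AsSpan(NonceSize + n), plaintext);
        return plaintext;
    }
}
```

Because the key never rotates, changing the secret invalidates every payload already issued, and anyone who can read the variable can decrypt and forge payloads for all purposes.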