AspNetCore.Docs
Mention the use of DOTNET_ReadOnlyDataProtectionKeyDirectory created by the ASP.NET Data Protection feature in ACA
Description
Azure Container Apps provides a feature that will create a key volume mount inside the container for the scaling set to use at the location specified by the injected environment variable DOTNET_ReadOnlyDataProtectionKeyDirectory.
To enable it, go to the Container App in the Azure Portal and select the Development Stack section on the left. Then set it to .NET and enable the "ASP .NET Core Data Protection" feature. It can be enabled through ARM Bicep:
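```bicep
resource containerApp 'Microsoft.App/containerApps@2024-10-02-preview' = {
  // name, location and the remaining required properties are omitted here
  properties: {
    configuration: {
      runtime: {
        dotnet: {
          // Mounts the Data Protection key volume and injects
          // DOTNET_ReadOnlyDataProtectionKeyDirectory into the container
          autoConfigureDataProtection: true
        }
      }
    }
  }
}
```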
The volume mount is supposedly read-only. So I'm guessing key rotation is handled by Container Apps service.
Page URL
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/scaling-aspnet-apps/scaling-aspnet-apps?view=aspnetcore-9.0&tabs=login-azure-cli
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/host-and-deploy/scaling-aspnet-apps/scaling-aspnet-apps.md
Document ID
8f9736cd-5888-8c01-d2f9-e13353d0ee1c
Platform Id
91a6ff36-d97b-db01-28a6-bfcce8a5bb0c
Article author
@alexwolfmsft
Metadata
- ID: 8f9736cd-5888-8c01-d2f9-e13353d0ee1c
- PlatformId: 91a6ff36-d97b-db01-28a6-bfcce8a5bb0c
- Service: aspnet-core
- Sub-service: hosting-deployment
Related Issues #32530 has PR addressing this but it's much larger in scope and has been under review for over six months.
@mkArtakMSFT please review or suggest a reviewer.
I found in your code that this variable is always used and can be set via appsettings. https://github.com/dotnet/aspnetcore/blob/main/src/DataProtection/DataProtection/src/Internal/KeyManagementOptionsPostSetup.cs#L26
Here's the ServiceCollection extension method that adds the PostConfiguration: https://github.com/dotnet/aspnetcore/blob/main/src/DataProtection/DataProtection/src/DataProtectionServiceCollectionExtensions.cs#L70-L71
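A way to verify the mount described in this issue from inside a running replica, as an added example that is not part of the issue, the docs or the ASP.NET Core repository. The function name `check_dp_key_dir` and its return codes are hypothetical, and it assumes the keys are stored as `*.xml` files, as the file-system key repository does.

```shell
#!/bin/sh
# Added example: sanity-check the Data Protection key directory that
# Azure Container Apps is described as mounting into the container.
# Assumption: keys are *.xml files directly inside the directory.
#
# Return codes (hypothetical, chosen for this example):
#   0 = directory set, has key files, and is not writable by this process
#   1 = DOTNET_ReadOnlyDataProtectionKeyDirectory unset and no argument given
#   2 = the path does not exist or is not a directory
#   3 = no *.xml key files found (replicas would not share keys)
#   4 = directory is writable (the mount is not read-only for this user)
check_dp_key_dir() {
    dir="${1:-${DOTNET_ReadOnlyDataProtectionKeyDirectory:-}}"

    if [ -z "$dir" ]; then
        echo "DOTNET_ReadOnlyDataProtectionKeyDirectory is not set" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # Count regular *.xml files; an unmatched glob stays literal and is skipped.
    count=0
    for f in "$dir"/*.xml; do
        if [ -f "$f" ]; then
            count=$((count + 1))
        fi
    done
    if [ "$count" -eq 0 ]; then
        echo "no key files in $dir" >&2
        return 3
    fi

    # Note: a process running as root passes -w regardless of mode bits,
    # so run this check as the same user the application runs as.
    if [ -w "$dir" ]; then
        echo "key directory is writable: $dir" >&2
        return 4
    fi

    echo "ok: $count key file(s) in read-only $dir"
    return 0
}
```

Run `check_dp_key_dir` with no argument in each replica; a non-zero result on any replica means that instance is not using the shared read-only key set.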