AspNetCore.Docs icon indicating copy to clipboard operation
AspNetCore.Docs copied to clipboard

Published 20 hours ago verified publisher icon dotnet

ReadOnly DataProtection keys /8

Open Rick-Anderson opened this issue 1 year ago • 11 comments
trafficstars

Fixes #32530

Internal previews

📄 File 🔗 Preview link
aspnetcore/security/data-protection/introduction.md ASP.NET Core Data Protection Overview

Rick-Anderson avatar May 08 '24 23:05 Rick-Anderson

@Rmattmann1221 @adityamandaleeka I'm working on #32530 while @amcasey is OOF. I can only find autoConfigureDataProtection in azure-rest-api-specs but not in .net org

Can someone help me get started with #32530 ?

Rick-Anderson avatar May 09 '24 01:05 Rick-Anderson

@Rick-Anderson That's correct. The autoConfigureDataProtection variable is an Azure concept (AZD and ACA are aware of it), not an ASP.NET Core concept. When it's enabled, ACA does some magic behind the scenes to properly set up a volume via which data protection keys can be shared. To do so, it uses the ASP.NET Core variable added here: https://github.com/dotnet/aspnetcore/pull/54266 (ReadOnlyDataProtectionKeyDirectory, DOTNET_ReadOnlyDataProtectionKeyDirectory, or ASPNETCORE_ReadOnlyDataProtectionKeyDirectory, in descending order of precedence) to specify a directory that should be used in read-only mode to get the keys to be used.

adityamandaleeka avatar May 10 '24 06:05 adityamandaleeka

I'm back(ish), but now @claudiaregio is out. I'd like to question the premise a bit - I don't believe those docs presently say anything about what happens when you deploy your app. This page does, but I think it's helpful as a worked example of how to do things manually.

I thought there had already been some documentation of this scenario on the ACA side. Maybe our page could link to that as an easy path but still provide details about how to do things manually?

amcasey avatar May 13 '24 20:05 amcasey

I think @jcjiang may have been the one to add/update the ACA docs?

amcasey avatar May 13 '24 20:05 amcasey

I'm not aware of any additional documentation from the ACA side. There is a new page from ACA for .NET, but on the topic of data protection we have actually been linking to .NET docs.

@anthonychu might be able to give more insight.

jcjiang avatar May 13 '24 23:05 jcjiang

I'm not aware of any additional documentation from the ACA side. There is a new page from ACA for .NET, but on the topic of data protection we have actually been linking to .NET docs.

@anthonychu might be able to give more insight.

Thanks! I'm pretty sure that's the page I was thinking of. Do you have a link to that ACA for .net page?

amcasey avatar May 13 '24 23:05 amcasey

https://github.com/MicrosoftDocs/azure-docs-pr/pull/269838 Here is the PR - let me know if any changes need to be made, otherwise I can work to get this pushed soon.

jcjiang avatar May 13 '24 23:05 jcjiang

Personally, I'd put something here. Just a tiny mention like, "by default the keys will be provided automatically to your app instances, but you still have the option of following the aspnetcore docs here".

amcasey avatar May 13 '24 23:05 amcasey

When do we expect people to hit this doc?

The new "Data consistency in Azure Container Apps" section seems a bit out of the blue. Maybe the organization we want is something more like:

- Intro to Data Protection (what is it)
  - What do you need to do when scaling your app
    - NOTE about ACA handling this for you (and a link to the ACA docs about it)

adityamandaleeka avatar May 23 '24 17:05 adityamandaleeka

When do we expect people to hit this doc?

The new "Data consistency in Azure Container Apps" section seems a bit out of the blue. Maybe the organization we want is something more like:

- Intro to Data Protection (what is it)
  - What do you need to do when scaling your app
    - NOTE about ACA handling this for you (and a link to the ACA docs about it)

Unfortunately, the how to scale your app page isn't with the data protection docs. I've been unable to find a good place for such a note.

amcasey avatar May 23 '24 19:05 amcasey

@Rick-Anderson I like the suggestion that @adityamandaleeka has above. Could we try to add the information using that format?

claudiaregio avatar Jun 10 '24 17:06 claudiaregio

EDIT CoPilot helped me write an introduction.

@adityamandaleeka proposed:

When do we expect people to hit this doc?

The new "Data consistency in Azure Container Apps" section seems a bit out of the blue. Maybe the organization we want is something more like:

- Intro to Data Protection (what is it)
  - What do you need to do when scaling your app
    - NOTE about ACA handling this for you (and a link to the ACA docs about it)

What do you need to do when scaling your app > - NOTE about ACA handling this for you (and a link to the ACA docs about it)

Shouldn't that be in the Azure docs here as suggested by @amcasey? ACA topics should be in Azure docs and obviously we'd link to that section.

If we decide to go with a new doc (or expanded) on

  • Intro to Data Protection (what is it)
    • What do you need to do when scaling your app
      • NOTE about ACA handling this for you (and a link to the ACA docs about it)

Someone from the Product Unit would need to write it and the writing team can do the edits.

Rick-Anderson avatar Jul 02 '24 00:07 Rick-Anderson

@adityamandaleeka CoPilot helped me write an introduction.

Rick-Anderson avatar Jul 02 '24 01:07 Rick-Anderson

@claudiaregio see https://github.com/MicrosoftDocs/azure-docs-pr/pull/279853/files

Rick-Anderson avatar Jul 02 '24 02:07 Rick-Anderson

Someone from the Product Unit would need to write it and the writing team can do the edits.

Thanks, @Rick-Anderson - I'll try to get to this next week.

amcasey avatar Jul 10 '24 20:07 amcasey

@Rick-Anderson This is the sort of thing I had in mind. Please feel free to change it as much as you like to make it fit our guidelines and conventions.

https://github.com/dotnet/AspNetCore.Docs/pull/33086

amcasey avatar Jul 15 '24 19:07 amcasey