Skip to content
This repository has been archived by the owner on May 31, 2019. It is now read-only.

Save Data protection keys even after container is destroyed #303

Closed
MichaelSimons opened this issue Sep 18, 2017 · 1 comment
Closed

Save Data protection keys even after container is destroyed #303

MichaelSimons opened this issue Sep 18, 2017 · 1 comment
Labels
closed-external Closed because the issue is external to the project in this repo.

Comments

@MichaelSimons
Copy link
Contributor

MichaelSimons commented Sep 18, 2017
edited
Loading

Copied from dotnet/dotnet-docker#295 by @VenkateshSrini

Steps to reproduce the issue

  1. Run an aps.net core app using the command
    docker run -p 5000:80 --name containerda containerda-img

Expected behavior

Should run with out any warning.

Actual behavior

I get an warning saying

warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container
. Protected data will be unavailable when container is destroyed.

Additional information (e.g. issue happens only occasionally)

Output of docker version

Docker version 17.06.2-ce, build cec0b72

I need a method to persist these keys even when the container is destroyed

Copied from dotnet/dotnet-docker#295 (comment) by @natemcmaster
Seems like a good candidate for aspnetcore documentation. https://github.com/aspnet/docs There are some docs already, but none for docker-specific scenarios.

Basically, you'll need to store the keys in a folder that is docker volume (i.e. shared volme or a host mounted volume), or you'll need to store them in an external provider, like Azure Key Vault or Redis.

cref aspnet/DataProtection#185

_Copied from dotnet/dotnet-docker#295 (comment) by @VenkateshSrini
@natemcmaster,
I have tried to mount a volume like this
docker run -v d:/venkatesh/aspnetcore/2.0/containerdasample/publish/containerapp/keys:/root/.aspnet/dataprotection-keys -p 5000:80 --name containerda containerda-img
In this I would expect the key to be stored in mounted volume but even after that I keep getting this error. I do not want to loose the encryption key. Can you please share me some link that has sample solution to this problem
@MichaelSimons MichaelSimons mentioned this issue Sep 18, 2017
Closed
@natemcmaster
Copy link
Contributor

@VenkateshSrini I recommend this article on configuring data protection key storage in Docker. It includes samples on how to persist keys to a different location or an external key repo.

https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/overview

Closing for now as there isn't anything actionable yet. We can reopen if you are still having issues.

@natemcmaster natemcmaster added the closed-external Closed because the issue is external to the project in this repo. label Oct 26, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
closed-external Closed because the issue is external to the project in this repo.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@natemcmaster @MichaelSimons