Update Key Management Documentation #3273
Comments
@blowdart please review this proposed work.
Looks fine to me.
@blowdart @Rick-Anderson I looked at this for #4549.
The list pertains to this line from the topic ...
i.e., "detect[ion] ... [and] ... configuration [without dev attention]." These statements are written from the app's/DP's perspective ... what the app can and can't do on its own for key management ... not from the developer's perspective. It isn't currently written as a list of all of the ways that key management can be handled; it's more like these first three are handled for you and the fourth isn't. The fourth covers cases where the app will lose its keys. The line immediately under the list refers directly to the overview, where It could be re-written to address out-of-process providers, but my current understanding is that topics that describe KV and Redis won't be initiated until 2.1. We'd also need to bring in a sixth entry for custom key extensibility approaches (@blowdart, you may recall my RexHacks™️ to do key management with Azure Table Storage in ancient times! lol). We'd need a seventh entry for
I kinda doubt that would work well here. There will be a topic for each provider in the future, so I think the full topics would be better to address each configuration. Those could be linked here as See also topics. To address what I can now, I'm adding a See also section to #4549 with a link to the key extensibility topic. I already added a line about Docker, and I'm adding another line that external providers are useful in web farm scenarios that also surfaces @joshbartley That won't get everything you're asking for; but when 2.1 comes around, yes, I think what you want will be added to the docs. Those new topics for the external providers will be well linked in here.
Thanks @guardrex Expanding on the documentation will be good. I just know a few people on the enterprise side look at these docs for on-premise enterprise deployments and that causes some friction in adoption on those environments. I know it caused me some trouble trying to get something going when I didn't have a local Redis server available. Thanks!
The Key Management documentation at (https://docs.microsoft.com/en-us/aspnet/core/security/data-protection/configuration/default-settings#data-protection-default-settings) does not account for all scenarios. The four scenarios listed do not account for applications that are load balanced outside of the Azure Web Sites offering.
I think the documentation should be updated with the following information.
Also update the paragraph below the four listed options, as "The first three options above should good defaults" is a typo I believe.
Below this, the documentation should provide code samples for configuration for the Startup.cs. The current samples are inside the DataProtection samples folder which is not linked and makes it tougher to find.
I think I can try to write this up and PR this if everyone agrees this is an issue.