Update Data Protection docs to include default behavior when deploying ASP.NET Core apps to ACA #32530
Labels
aspnet-core/svc
security/subsvc
seQUESTered
Identifies that an issue has been imported into Quest.
Source - Docs.ms
Docs Customer feedback via GitHub Issue
Description
Current scenario: ASP.NET Core apps that need to encrypt ephemeral data use Data Protection. If a developer does not configure Data Protection, it defaults to storing the keys on disk. This works fine for single instance applications, but when these apps are deployed to ACA that auto-scales, the app breaks because there is currently no way to share the keys between these instances without explicit configuration by the app author.
Changes: Now, when a user creates a new ASP.NET Core app that pulls in Data Protection, an environment variable that has been added will put Data Protection in read-only mode by default (dotnet/aspnetcore#54266). If a user decides to configure data protection themselves, it will override the default. This change has been backported to .NET 8 so it will work for any version 8 or higher. When ACA detects a .NET app is being deployed, they set their environment variable "autoConfigureDataProtection" to true and will spin up a key manager and will handle the writing/sharing keys across multiple instances when the app auto-scales (Azure/azure-rest-api-specs#28001). This allows ASP.NET Core apps that pull in Data Protection to easily scale horizontally when deployed to ACA by providing a default configuration.
Ask: This is a high-priority end-to-end scenario so I'd like to add docs specific to the default behavior when deploying an ASP.NET Core app to Azure Container Apps that talk about the new default behavior.
Will need to be reviewed by @amcasey, @adityamandaleeka, @bradygaster, @AnqiLi6, @blowdart
Ideal ship timeline: May 21st - May 27th
Page URL
https://learn.microsoft.com/en-us/aspnet/core/security/data-protection/introduction?view=aspnetcore-8.0
Content source URL
https://github.com/dotnet/AspNetCore.Docs/blob/main/aspnetcore/security/data-protection/introduction.md
Document ID
d42b1eab-9682-ea69-f203-e519b456a56f
Article author
@Rick-Anderson
Associated WorkItem - 252761
The text was updated successfully, but these errors were encountered: