Description
Background and Motivation
Today, DataProtectionProvider offers a number of different Create factory methods. All of them take either an application name or a key directory, along with a few other parameters.
However, it is possible to use data protection without storing keys on the file system. This is doable with the API today via the setup action parameter, but it is awkward because you still have to pass a key directory which is not used. For example:
var provider = DataProtectionProvider.Create(
new DirectoryInfo(@"X:\fake\directory"), // ignored
b =>
{
b.SetApplicationName("APTPlatform");
b.Services.AddSingleton<IConfigureOptions<KeyManagementOptions>>(services =>
{
return new ConfigureOptions<KeyManagementOptions>(o =>
{
o.XmlRepository = new MyRepository();
...
});
});
});
Proposed API
namespace Microsoft.AspNetCore.DataProtection;
public static class DataProtectionProvider
{
+ public static IDataProtectionProvider Create(Action<IDataProtectionBuilder> setupAction);
}
Usage Examples
var provider = DataProtectionProvider.Create(
b => b.SetApplicationName(...).PersistKeysTo...().ProtectKeysWith...()
);
Alternative Designs
Rather than requiring only setupAction, we could offer a creation method with application name + setup action. I'm not sure why the current set of create methods were designed the way they were (e.g. why do we think users will either know the key directory or the application name?).
Risks
The risk seems low, since you can effectively do this today by just overriding the key persistence in your setup action. However, it would make the code a bit easier to understand.