feat: specify data protection key persistence location

Author: kyleratti

WebApi/Options/HostingOptions.cs

@@ -9,4 +9,9 @@ public class HostingOptions
 	/// Enable the HTTPS redirection middleware.
 	/// </summary>
 	public bool EnableHttpsRedirect { get; set; } = true;
+
+	/// <summary>
+	/// The directory to store the data protection keys.
+	/// </summary>
+	public string? DataProtectionKeysPath { get; set; }
 }

WebApi/Program.cs

@@ -6,6 +6,9 @@
 using BackgroundProcessor.Templates;
 using Core.AppSettings;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.DataProtection;
+using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
+using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Data.Sqlite;
 using Microsoft.Extensions.Configuration.AzureAppConfiguration;
@@ -116,6 +119,19 @@ static void ConfigureServices(IServiceCollection services, IConfiguration config
 		opts.FallbackPolicy = policy;
 	});
 
+	var hostingOptions = configuration.GetSection("Hosting").Get<HostingOptions>();
+
+	if (!string.IsNullOrEmpty(hostingOptions?.DataProtectionKeysPath))
+	{
+		services.AddDataProtection()
+			.PersistKeysToFileSystem(new DirectoryInfo(hostingOptions.DataProtectionKeysPath))
+			.UseCryptographicAlgorithms(new AuthenticatedEncryptorConfiguration
+			{
+				EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
+				ValidationAlgorithm = ValidationAlgorithm.HMACSHA512,
+			});
+	}
+
 	services.Configure<RedditSettings>(configuration.GetSection("RedditSettings"));
 
 	services.AddMemoryCache();