
Reputation: 65147

IdentityServer4: how to add persistent key and deploy in production?

The quickstart sample code uses AddTemporarySigningCredential

The AddTemporarySigningCredential extension creates temporary key material for signing tokens on every start. Again this might be useful to get started, but needs to be replaced by some persistent key material for production scenarios. See the cryptography docs for more information.

Is there a step-by-step guide on how to replace AddTemporarySigningCredential() with my own persistent key, and deploy IdentityServer in production?

Upvotes: 5

Views: 1888

Answers (2)

Benjamin Krämer

Reputation: 96

I still have to do it myself, but according to the docs you should use AddSigningCredential. I found an entry at MSDN which explains it in the section Adding IdentityServer4.

Upvotes: 4

Lutando

Reputation: 5010

You have a few options on how to have a "persistent" key. Basically, you need to use the AddSigningCredential() extension method to do this, and you will notice that it has an X509Certificate2 argument. The most bare-metal way to deploy this in production is to store the certificate in a cert store and retrieve it from the X509Store. But I would recommend rather using a secret store in the form of Azure Key Vault or Amazon Key Management Service or any other similar cloud offering. Do not deploy the certs as part of your publish artifacts. Rather, retrieve your certs from a safe place.

Upvotes: 4
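The certificate-store option described in the answer above, as an added example that is not part of the original posts or of IdentityServer4 itself. The class and method names are hypothetical, and it assumes a certificate with its private key is already installed in the LocalMachine "My" store and that the caller supplies the thumbprint from configuration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper; names are illustrative, not part of IdentityServer4.
public static class SigningCertificateSetup
{
    public static X509Certificate2 LoadFromStore(string thumbprint, StoreLocation location)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("No signing certificate thumbprint configured.");

        // Thumbprints pasted from the Windows certificate dialog often carry spaces
        // or an invisible leading character; keep only the hex digits.
        var normalized = new string(thumbprint.Where(Uri.IsHexDigit).ToArray());

        using (var store = new X509Store(StoreName.My, location))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false so that a self-signed signing certificate is still returned.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, normalized, validOnly: false);
            if (matches.Count == 0)
                throw new InvalidOperationException("Signing certificate not found in store.");

            var cert = matches[0];
            // Fail at startup instead of running with a key that cannot sign tokens.
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Signing certificate has no private key.");
            if (DateTime.Now < cert.NotBefore || DateTime.Now > cert.NotAfter)
                throw new InvalidOperationException("Signing certificate is outside its validity period.");
            return cert;
        }
    }

    // Call from ConfigureServices in place of AddTemporarySigningCredential().
    public static IIdentityServerBuilder AddIdentityServerWithStoreCertificate(
        this IServiceCollection services, string thumbprint)
    {
        var cert = LoadFromStore(thumbprint, StoreLocation.LocalMachine);
        return services.AddIdentityServer().AddSigningCredential(cert);
    }
}
```

The account running the application needs read access to the certificate's private key, otherwise the load succeeds but signing fails at runtime.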
