The quickstart sample code uses AddTemporarySigningCredential.
The AddTemporarySigningCredential extension creates temporary key material for signing tokens on every start. Again this might be useful to get started, but needs to be replaced by some persistent key material for production scenarios. See the cryptography docs for more information.
Is there a step-by-step guide on how to replace AddTemporarySigningCredential() with my own persistent key, and deploy IdentityServer in production?
You have a few options on how to have a "persistent" key. Basically, you need to use the AddSigningCredential() extension method to do this. And you will notice that it has an X509Certificate2 argument. The most bare-metal way to deploy this in production is to store the certificate in a cert store and retrieve it from the X509Store. But I would recommend rather using a secret store in the form of Azure Key Vault or Amazon Key Management Service or any other similar cloud offering. Do not deploy the certs as part of your publish artifacts. Rather, retrieve your certs from a safe place.
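The cert-store route described in the answer above, as an added example that is not part of the original answer or the IdentityServer project's own code. It assumes the certificate is installed in the LocalMachine personal store; the `SigningCertificateLoader` class and the thumbprint placeholder are hypothetical names introduced for illustration.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.DependencyInjection;

public static class SigningCertificateLoader
{
    // Hypothetical helper: finds the signing certificate by thumbprint and
    // refuses to start the service if it cannot be used for signing.
    public static X509Certificate2 LoadFromStore(string thumbprint)
    {
        if (string.IsNullOrWhiteSpace(thumbprint))
            throw new InvalidOperationException("Signing certificate thumbprint is not configured.");

        // Assumption: the certificate lives in LocalMachine\My.
        using (var store = new X509Store(StoreName.My, StoreLocation.LocalMachine))
        {
            store.Open(OpenFlags.ReadOnly);
            // validOnly: false, because a self-signed signing certificate
            // does not chain to a trusted root and would be filtered out.
            var matches = store.Certificates.Find(
                X509FindType.FindByThumbprint, thumbprint, validOnly: false);
            if (matches.Count != 1)
                throw new InvalidOperationException(
                    $"Expected exactly one signing certificate, found {matches.Count}.");

            var cert = matches[0];
            if (!cert.HasPrivateKey)
                throw new InvalidOperationException("Certificate has no private key; tokens cannot be signed.");
            var now = DateTime.Now; // NotBefore/NotAfter are local time
            if (now < cert.NotBefore || now > cert.NotAfter)
                throw new InvalidOperationException("Certificate is outside its validity period.");
            return cert;
        }
    }
}

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Placeholder: read the real thumbprint from configuration, not source code.
        var cert = SigningCertificateLoader.LoadFromStore("<THUMBPRINT-PLACEHOLDER>");

        services.AddIdentityServer()
            .AddSigningCredential(cert); // replaces AddTemporarySigningCredential()
        // ... followed by the client, resource and user registrations from the quickstart
    }
}
```

The account the application runs under needs read permission on the certificate's private key, otherwise signing fails at runtime even though the lookup succeeds.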