C

C#

help

Join Server

(Docker) No XML encryptor configured. Key {Guid} may be persisted to storage in unencrypted form.

TThaumanovic8/14/2022
I have configured key encryption on my AspNetCore app, and it works fine locally, but on staging and prod where the app runs in docker, I get the following warning each time the app restarts:

No XML encryptor configured. Key {Guid} may be persisted to storage in unencrypted form.

I have it configured like so:
services.AddDataProtection().UseCryptographicAlgorithms(
    new AuthenticatedEncryptorConfiguration
    {
        EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
        ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
    });


And it working locally:
[17:13:18 DBG] Found key {9ba0b473-a76e-4db9-8923-6a24a3493b15}.
[17:13:18 DBG] Considering key {9ba0b473-a76e-4db9-8923-6a24a3493b15} with expiration date 2022-09-10 12:50:51Z as default key.
[17:13:18 DBG] Forwarded activator type request from Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor, Microsoft.AspNetCore.DataProtection, Version=6.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.XmlEncryption.DpapiXmlDecryptor, Microsoft.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60
[17:13:18 DBG] Decrypting secret element using Windows DPAPI.
[17:13:18 DBG] Forwarded activator type request from Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsoft.AspNetCore.DataProtection, Version=6.0.0.0, Culture=neutral, PublicKeyToken=adb9793829ddae60 to Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel.AuthenticatedEncryptorDescriptorDeserializer, Microsof
t.AspNetCore.DataProtection, Culture=neutral, PublicKeyToken=adb9793829ddae60
[17:13:18 DBG] Opening CNG algorithm 'AES' from provider 'null' with chaining mode CBC.
[17:13:18 DBG] Opening CNG algorithm 'SHA256' from provider 'null' with HMAC.
[17:13:18 DBG] Using key {9ba0b473-a76e-4db9-8923-6a24a3493b15} as the default key.
[17:13:18 DBG] Key ring with default key {9ba0b473-a76e-4db9-8923-6a24a3493b15} was loaded during application startup.


Does anyone know of a fix?