We have a service deployed with this code:
<code>services.AddDataProtection(opt =>
opt.ApplicationDiscriminator = configurationOptions.Authentication.AzureAd.ClientId)
.PersistKeysToAzureBlobStorage(
new Uri(storageAccountEndpointUri), new DefaultAzureCredential())
.ProtectKeysWithAzureKeyVault(
new Uri(configurationOptions.StorageAccountKeyVaultProtectKeyIdentifier),
new DefaultAzureCredential());
</code>
<code>services.AddDataProtection(opt =>
opt.ApplicationDiscriminator = configurationOptions.Authentication.AzureAd.ClientId)
.PersistKeysToAzureBlobStorage(
new Uri(storageAccountEndpointUri), new DefaultAzureCredential())
.ProtectKeysWithAzureKeyVault(
new Uri(configurationOptions.StorageAccountKeyVaultProtectKeyIdentifier),
new DefaultAzureCredential());
</code>
services.AddDataProtection(opt =>
opt.ApplicationDiscriminator = configurationOptions.Authentication.AzureAd.ClientId)
.PersistKeysToAzureBlobStorage(
new Uri(storageAccountEndpointUri), new DefaultAzureCredential())
.ProtectKeysWithAzureKeyVault(
new Uri(configurationOptions.StorageAccountKeyVaultProtectKeyIdentifier),
new DefaultAzureCredential());
However, the service is not loading and the logs have this error:
“An error occurred while reading the key ring” and it seems to be from “Microsoft.AspNetCore.DataProtection.KeyManagement.KeyRingProvider”
This is the only error that is there and I am unable to understand the source of this error. Any pointers here would be greatly appreciated!
9
The error message was thrown due to an incorrect domain name suffix in the China cloud configuration file for the storage account that was getting created as part of the deployment. Once the domain name suffix was updated in the config, it started to work.