No XML encryptor configured warning
See original GitHub issueWhen running ASP.Net Core 2.0 Web API endpoints which use JWT based authentication we always see the following error, despite not - as I understand matters - requiring Data Protection:
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35] No XML encryptor configured. Key {GUID} may be persisted to storage in unencrypted form.
Is there some way of preventing this warning? Will this cause us any issues?
Our system comprises of Web API HTTP endpoints running on Docker managed by Kubernetes with all JWTs issued by an authentication endpoint.
Issue Analytics
- State:
- Created 5 years ago
- Comments:5 (1 by maintainers)
Top Results From Across the Web
Net Core warning No XML encryptor configured
When I start my service (API on .Net Core 2.2 in Docker container) I've got a warning: No XML encryptor configured. Key {daa53741-8295-4c9b-ae9c ......
Read more >"No XML encryptor configured" - Should I worry?
Given that it is only a warning and does not affect operation of SQL Server, my guess is that it not an issue...
Read more >[Solved]-.Net Core warning No XML encryptor configured-.net ...
i see many reasons to having this error in the development environment, generally file read permission or couldn't find or no file. don't...
Read more >Key management extensibility in ASP.NET Core
(If no IXmlEncryptor is configured, the unencrypted document is persisted in the IXmlRepository .) Key Retrieval.
Read more >Using an in-memory repository" and "No XML encryptor ...
I am new to Kubernetes and encountering an error while trying to deploy my .net core application in a Kubernetes cluster.
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Data Protection is also used by internal components, for example MVC uses it for CSRF tokens. Now if you’re only using WebAPI with no CSRF because you’re using the right authentication method, bearer tokens, you can safely ignore this.
Thank you both for your replies. I had read through all the available doco and gone through a lot of the source code trying to find a definitive answer and could not see why we would need the Data Protection; however, I did not want to make an assumption which later turned out to be incorrect,.
We are indeed only using WebAPI with bearer tokens.