From 707e39e70a7a59cd9e30c9caba4b4cbd8c2d375b Mon Sep 17 00:00:00 2001
From: "Achim H." <hermann.Achim@gmail.com>
Date: Thu, 11 Jun 2026 08:05:59 +0200
Subject: [PATCH] added pvc saving of Key

---
 Program.cs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/Program.cs b/Program.cs
index 9cced66..abd9647 100644
--- a/Program.cs
+++ b/Program.cs
@@ -10,10 +10,22 @@ using Microsoft.AspNetCore.Components.Server;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Mvc;
+// SECDEVOPS: Namespaces für Data Protection hinzufügen
+using System.IO;
+using Microsoft.AspNetCore.DataProtection;
 
 // Initialisieren des Web Builders, der den Server und die Umgebung vorbereitet
 var builder = WebApplication.CreateBuilder(args);
 
+// ==========================================
+// SECDEVOPS: Data Protection für K8s PVC & Key-Rotation
+// ==========================================
+var keysFolder = new DirectoryInfo(@"/app/data/dp-keys");
+
+builder.Services.AddDataProtection()
+    .PersistKeysToFileSystem(keysFolder)
+    .SetApplicationName("SecDevOpsLabApp"); // Bindet die Keys fix an diese App (Wichtig für Replicas)
+
 // NEU: Blazor-Authentifizierungsdienste registrieren
 builder.Services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
     .AddCookie(options =>