Class KeyManagementOptions

Namespace
Duende.IdentityServer.Configuration
Assembly
Duende.IdentityServer.dll

Options to configure behavior of KeyManager.

public class KeyManagementOptions
Inheritance
KeyManagementOptions

Constructors

KeyManagementOptions()

public KeyManagementOptions()

Properties

DataProtectKeys

Automatically protect keys in the storage using data protection. Defaults to true.

public bool DataProtectKeys { get; set; }

Property Value

bool

DeleteRetiredKeys

Automatically delete retired keys. Defaults to true.

public bool DeleteRetiredKeys { get; set; }

Property Value

bool

Enabled

Specifies if key management should be enabled. Defaults to true.

public bool Enabled { get; set; }

Property Value

bool

InitializationDuration

When no keys have been created yet, this is the window of time considered to be an initialization period to allow all servers to synchronize if the keys are being created for the first time. Defaults to 5 minutes.

public TimeSpan InitializationDuration { get; set; }

Property Value

TimeSpan

InitializationKeyCacheDuration

Cache duration when within the initialization period. Defaults to 1 minute.

public TimeSpan InitializationKeyCacheDuration { get; set; }

Property Value

TimeSpan

InitializationSynchronizationDelay

Delay used when re-loading keys from the store during the initialization period. It gives other servers more time to write their new keys so that every server can include them. Defaults to 5 seconds.

public TimeSpan InitializationSynchronizationDelay { get; set; }

Property Value

TimeSpan

KeyCacheDuration

When in normal operation, duration to cache keys from store. Defaults to 24 hours.

public TimeSpan KeyCacheDuration { get; set; }

Property Value

TimeSpan

KeyPath

Path for storing keys when using the default file system store. Defaults to the "keys" directory relative to the hosting application.

public string KeyPath { get; set; }

Property Value

string

PropagationTime

Time expected for new keys to propagate to all servers, and for all clients to refresh discovery. Defaults to 14 days.

public TimeSpan PropagationTime { get; set; }

Property Value

TimeSpan

RetentionDuration

Duration for keys to remain in discovery after rotation. Defaults to 14 days.

public TimeSpan RetentionDuration { get; set; }

Property Value

TimeSpan

RotationInterval

Age at which keys will no longer be used for signing, but will still be used in discovery for validation. Defaults to 90 days.

public TimeSpan RotationInterval { get; set; }

Property Value

TimeSpan

RsaKeySize

Key size (in bits) of RSA keys. Defaults to 2048.

public int RsaKeySize { get; set; }

Property Value

int

SigningAlgorithms

The signing algorithms allowed. If none are specified, "RS256" is used as the default. Otherwise the first entry in the collection is used as the default signing algorithm.

public ICollection<SigningAlgorithmOptions> SigningAlgorithms { get; set; }

Property Value

ICollection<SigningAlgorithmOptions>
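The following is an added example, not code from the Duende documentation or the Duende.IdentityServer project, showing how the options documented above are set from an ASP.NET Core host and how the lifecycle of a key follows from them. It assumes the Duende.IdentityServer package is referenced, that IdentityServerOptions exposes these options through its KeyManagement property, and that SigningAlgorithmOptions can be constructed from an algorithm name; the KeyPath value is a constructed placeholder. The KeyLifecycle helper and its consistency checks are derived only from the property descriptions on this page (a key signs until RotationInterval, stays in discovery for RetentionDuration after that, and a new key must be known to all servers and clients within PropagationTime), not from the library's internals.

```csharp
using System;
using Duende.IdentityServer.Configuration;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddIdentityServer(options =>
{
    // Assumption: IdentityServerOptions.KeyManagement is the KeyManagementOptions instance.
    var km = options.KeyManagement;

    km.Enabled = true;
    km.DataProtectKeys = true;           // keys are encrypted at rest in the store
    km.DeleteRetiredKeys = true;         // retired keys are removed instead of piling up
    km.KeyPath = "/var/lib/identityserver/keys"; // constructed placeholder path
    km.RsaKeySize = 3072;

    km.RotationInterval = TimeSpan.FromDays(90);   // stop signing with a key at this age
    km.PropagationTime  = TimeSpan.FromDays(14);   // time for servers/clients to learn a new key
    km.RetentionDuration = TimeSpan.FromDays(14);  // keep a retired key in discovery this long
    km.KeyCacheDuration = TimeSpan.FromHours(24);  // normal-operation cache of the store

    // Assumption: SigningAlgorithmOptions has a constructor taking the algorithm name.
    km.SigningAlgorithms.Clear();
    km.SigningAlgorithms.Add(new SigningAlgorithmOptions("PS256")); // first entry is the default
    km.SigningAlgorithms.Add(new SigningAlgorithmOptions("RS256"));

    KeyLifecycle.Validate(km);

    var (signingEnds, discoveryEnds) = KeyLifecycle.Compute(km, DateTime.UtcNow);
    Console.WriteLine($"A key created now signs until {signingEnds:u} and leaves discovery at {discoveryEnds:u}");
});

var app = builder.Build();
app.UseIdentityServer();
app.Run();

public static class KeyLifecycle
{
    // Dates at which a key created at `created` stops being used for signing
    // (created + RotationInterval) and stops being published in discovery
    // (signing end + RetentionDuration), following the option descriptions.
    public static (DateTime SigningEnds, DateTime DiscoveryEnds) Compute(
        KeyManagementOptions options, DateTime created)
    {
        var signingEnds = created + options.RotationInterval;
        var discoveryEnds = signingEnds + options.RetentionDuration;
        return (signingEnds, discoveryEnds);
    }

    // Consistency checks worth failing startup on; each follows from the
    // documented meaning of the options rather than from library behaviour.
    public static void Validate(KeyManagementOptions options)
    {
        if (options.PropagationTime >= options.RotationInterval)
            throw new ArgumentException(
                "PropagationTime must be shorter than RotationInterval, otherwise a successor " +
                "key cannot be propagated before the current key stops signing.");

        if (options.KeyCacheDuration > options.PropagationTime)
            throw new ArgumentException(
                "KeyCacheDuration exceeds PropagationTime: a server could cache an old key set " +
                "past the window in which every server is expected to know the new key.");

        if (options.RetentionDuration < options.PropagationTime)
            throw new ArgumentException(
                "RetentionDuration shorter than PropagationTime: clients that refresh discovery " +
                "slowly may still hold tokens signed by a key already removed from discovery.");

        if (options.RsaKeySize < 2048)
            throw new ArgumentException("RsaKeySize must be at least 2048 bits.");
    }
}
```

The Validate checks encode the ordering the descriptions imply: a new key has to be visible everywhere (PropagationTime) before the old one stops signing (RotationInterval), servers must refresh their cache (KeyCacheDuration) within that propagation window, and a retired key must stay in discovery (RetentionDuration) at least as long as clients may take to refresh it.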