PersistKeysToFileSystem when selfhosted

src/Api/.dockerignore

@@ -1,3 +1,4 @@
 *
 !obj/Docker/publish/*
 !obj/Docker/empty/
+!entrypoint.sh

src/Api/Dockerfile

@@ -22,4 +22,7 @@ done
 WORKDIR /app
 EXPOSE 80
 COPY obj/Docker/publish .
-ENTRYPOINT ["dotnet", "Api.dll"]
+
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+ENTRYPOINT ["/entrypoint.sh"]

src/Api/entrypoint.sh

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+dotnet /app/Api.dll

src/Core/Utilities/ServiceCollectionExtensions.cs

@@ -17,6 +17,7 @@ using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.WindowsAzure.Storage;
 using System;
+using System.IO;
 using SqlServerRepos = Bit.Core.Repositories.SqlServer;
 
 namespace Bit.Core.Utilities
@@ -195,10 +196,19 @@ namespace Bit.Core.Utilities
         public static void AddCustomDataProtectionServices(
             this IServiceCollection services, IHostingEnvironment env, GlobalSettings globalSettings)
         {
+            if(env.IsDevelopment())
+            {
+                return;
+            }
+
+            if(globalSettings.SelfHosted)
+            {
+                var dir = new DirectoryInfo("/etc/bitwarden/core/aspnet-dataprotection");
+                services.AddDataProtection().PersistKeysToFileSystem(dir);
+            }
+
 #if NET461
-            if(!env.IsDevelopment() && !globalSettings.SelfHosted &&
-                !string.IsNullOrWhiteSpace(globalSettings.Storage.ConnectionString) &&
-                !string.IsNullOrWhiteSpace(globalSettings.DataProtection.CertificateThumbprint))
+            if(!globalSettings.SelfHosted)
             {
                 var dataProtectionCert = CoreHelpers.GetCertificate(globalSettings.DataProtection.CertificateThumbprint);
                 var storageAccount = CloudStorageAccount.Parse(globalSettings.Storage.ConnectionString);