Merge pull request #920 from DuendeSoftware/wca/data-prot-redis

Added PersistKeysToStackExchangeRedis as an option plus a giant warning

Author: maartenba

src/content/docs/identityserver/deployment/index.md

@@ -110,7 +110,8 @@ A typical IdentityServer implementation should include data protection configura
 builder.Services.AddDataProtection()
   // Choose an extension method for key persistence, such as 
   // PersistKeysToFileSystem, PersistKeysToDbContext, 
-  // PersistKeysToAzureBlobStorage, or PersistKeysToAWSSystemsManager
+  // PersistKeysToAzureBlobStorage, PersistKeysToAWSSystemsManager, or
+  // PersistKeysToStackExchangeRedis
   .PersistKeysToFoo()
   // Choose an extension method for key protection, such as 
   // ProtectKeysWithCertificate, ProtectKeysWithAzureKeyVault
@@ -120,6 +121,12 @@ builder.Services.AddDataProtection()
   .SetApplicationName("IdentityServer");
 ```
 
+:::danger[Ensure Redis data is persisted]
+If you are using Redis to store data protection keys using `PersistKeysToStackExchangeRedis`, ensure that your Redis
+service is configured to persist data to a database backup or append-only file. Otherwise, when your Redis instance reboots,
+you will lose all data protection keys, causing all data protected with those keys to no longer be readable.
+:::
+
 ### Data Protection Keys and IdentityServer's Signing Keys
 
 ASP.NET's data protection keys are sometimes confused with IdentityServer's signing keys, but the two are completely
@@ -196,7 +203,6 @@ Duende IdentityServer's features that rely on data protection include
 
 ## IdentityServer Data Stores
 
-
 IdentityServer itself is stateless and does not require server affinity - but there is data that needs to be shared between in multi-instance deployments.
 
 ### Configuration Data