Remove exception and conditionally protect keys with KV (#1241)

DFE-Digital · Dec 10, 2024 · f2b0c56 · f2b0c56
1 parent 2bce106
commit f2b0c56
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs b/Dfe.PrepareConversions/Dfe.PrepareConversions/Utils/DataProtectionService.cs
@@ -15,16 +15,15 @@ public static void AddDataProtectionService(this IServiceCollection services, IC
          var dpTargetPath = "@/srv/app/storage";
 
          if (Directory.Exists(dpTargetPath)) {
+            dp.PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath));
+
             // If a Key Vault Key URI is defined, expect to encrypt the keys.xml
             string kvProtectionKeyUri = configuration.GetValue<string>("DataProtection:KeyVaultKey");
 
             if (!string.IsNullOrWhiteSpace(kvProtectionKeyUri))
             {
-               throw new InvalidOperationException("DataProtection:Path is undefined or empty");
+               dp.ProtectKeysWithAzureKeyVault(new Uri(kvProtectionKeyUri), new DefaultAzureCredential());
             }
-
-            dp.PersistKeysToFileSystem(new DirectoryInfo(dpTargetPath));
-            dp.ProtectKeysWithAzureKeyVault(new Uri(kvProtectionKeyUri), new DefaultAzureCredential());
          }
       }
    }