you can store keys in a file system folder, but, of course, there are security problems, but the problems are similar to those stored in the web.config file.
Another thing is that there are more than one key with the machine key, the keys in the api data protection expire after a certain period, and if necessary, new keys are automatically created. If you encrypt something using the data protection api and save it, for example, in a database, you may need to decrypt it later using expired keys
This example stores the keys in a folder named dp_keys in the main folder of the web application.
string pathToCryptoKeys = Path.Combine(environment.ContentRootPath, "dp_keys"); services.AddDataProtection() .PersistKeysToFileSystem(new System.IO.DirectoryInfo(pathToCryptoKeys));
Please note that storing keys in the file system is not recommended. In docs there is a powershell script that allows you to store keys in the application pool in the registry. Azure has an Azure Key storage for storing data protection keys.