The environment in question is the classical setup where the website is in a DMZ and can only talk to RESTful web services behind the DMZ. Add to that the DB is NOT MS SQL, it is Oracle. Are there any HOWTO's out there on configuring ASP.Net Core Data Protection to use a service and what that service needs to do?
Another way to put it would be in terms used on the Configure ASP.NET Core Data Protection page is: how does one create a custom ProtectKeysWith* where the * is a service (as compared to file system, AzureKeyVault, or the other built in options).