diff --git a/src/NzbDrone.Common/Extensions/PathExtensions.cs b/src/NzbDrone.Common/Extensions/PathExtensions.cs
index 3618afd62..8d0e611a3 100644
--- a/src/NzbDrone.Common/Extensions/PathExtensions.cs
+++ b/src/NzbDrone.Common/Extensions/PathExtensions.cs
@@ -286,6 +286,11 @@ namespace NzbDrone.Common.Extensions
             return appFolderInfo.AppDataFolder;
         }
 
+        public static string GetDataProtectionPath(this IAppFolderInfo appFolderInfo)
+        {
+            return Path.Combine(GetAppDataPath(appFolderInfo), "asp");
+        }
+
         public static string GetLogFolder(this IAppFolderInfo appFolderInfo)
         {
             return Path.Combine(GetAppDataPath(appFolderInfo), "logs");
diff --git a/src/NzbDrone.Host/Bootstrap.cs b/src/NzbDrone.Host/Bootstrap.cs
index e6c0d1944..9b1ac6d5b 100644
--- a/src/NzbDrone.Host/Bootstrap.cs
+++ b/src/NzbDrone.Host/Bootstrap.cs
@@ -7,8 +7,10 @@ using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using DryIoc;
 using DryIoc.Microsoft.DependencyInjection;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
+using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Hosting.WindowsServices;
 using NLog;
@@ -132,6 +134,7 @@ namespace NzbDrone.Host
                 })
                 .ConfigureWebHost(builder =>
                 {
+                    builder.UseConfiguration(config);
                     builder.UseUrls(urls.ToArray());
                     builder.UseKestrel(options =>
                     {
@@ -198,6 +201,7 @@ namespace NzbDrone.Host
             var appFolder = new AppFolderInfo(context);
             return new ConfigurationBuilder()
                 .AddXmlFile(appFolder.GetConfigPath(), optional: true, reloadOnChange: false)
+                .AddInMemoryCollection(new List<KeyValuePair<string, string>> { new ("dataProtectionFolder", appFolder.GetDataProtectionPath()) })
                 .Build();
         }
 
diff --git a/src/NzbDrone.Host/Startup.cs b/src/NzbDrone.Host/Startup.cs
index e8a57b1d4..a614d2067 100644
--- a/src/NzbDrone.Host/Startup.cs
+++ b/src/NzbDrone.Host/Startup.cs
@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.IO;
 using Lidarr.Api.V1.System;
 using Lidarr.Http;
 using Lidarr.Http.Authentication;
@@ -8,6 +9,7 @@ using Lidarr.Http.Frontend;
 using Lidarr.Http.Middleware;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.HttpOverrides;
 using Microsoft.AspNetCore.Mvc;
@@ -46,6 +48,7 @@ namespace NzbDrone.Host
                 b.SetMinimumLevel(Microsoft.Extensions.Logging.LogLevel.Trace);
                 b.AddFilter("Microsoft.AspNetCore", Microsoft.Extensions.Logging.LogLevel.Warning);
                 b.AddFilter("Lidarr.Http.Authentication", LogLevel.Information);
+                b.AddFilter("Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager", LogLevel.Error);
                 b.AddNLog();
             });
 
@@ -95,6 +98,9 @@ namespace NzbDrone.Host
                 options.PayloadSerializerOptions = STJson.GetSerializerSettings();
             });
 
+            services.AddDataProtection()
+                .PersistKeysToFileSystem(new DirectoryInfo(Configuration["dataProtectionFolder"]));
+
             services.AddSingleton<IAuthorizationPolicyProvider, UiAuthorizationPolicyProvider>();
             services.AddAuthorization(options =>
             {