diff --git a/identity-server/templates/src/IdentityServer/Extensions/HostingExtensions.cs b/identity-server/templates/src/IdentityServer/Extensions/HostingExtensions.cs
index 0d09d0485..a07fc89fe 100644
--- a/identity-server/templates/src/IdentityServer/Extensions/HostingExtensions.cs
+++ b/identity-server/templates/src/IdentityServer/Extensions/HostingExtensions.cs
@@ -4,6 +4,7 @@ using Duende.IdentityServer;
 using IdentityServerTemplate.Pages.Admin.ApiScopes;
 using IdentityServerTemplate.Pages.Admin.Clients;
 using IdentityServerTemplate.Pages.Admin.IdentityScopes;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.StaticFiles;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
@@ -137,6 +138,11 @@ internal static class HostingExtensions
             _ = builder.Services.AddTransient<ApiScopeRepository>();
         }
 
+        // Add `.PersistKeysTo…()` and `.ProtectKeysWith…()` calls
+        // See more at https://docs.duendesoftware.com/general/data-protection
+        _ = builder.Services.AddDataProtection()
+            .SetApplicationName("IdentityServer");
+
         // this adds the necessary config for the portal page
         _ = builder.Services.AddTransient<Pages.Portal.ClientRepository>();
 
diff --git a/identity-server/templates/src/IdentityServerAspNetIdentity/HostingExtensions.cs b/identity-server/templates/src/IdentityServerAspNetIdentity/HostingExtensions.cs
index beba36508..ba117ff5e 100644
--- a/identity-server/templates/src/IdentityServerAspNetIdentity/HostingExtensions.cs
+++ b/identity-server/templates/src/IdentityServerAspNetIdentity/HostingExtensions.cs
@@ -2,6 +2,7 @@ using System.Globalization;
 using Duende.IdentityServer;
 using IdentityServerHost.Data;
 using IdentityServerHost.Models;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
@@ -96,6 +97,11 @@ internal static class HostingExtensions
                 };
             });
 
+        // Add `.PersistKeysTo…()` and `.ProtectKeysWith…()` calls
+        // See more at https://docs.duendesoftware.com/general/data-protection
+        _ = builder.Services.AddDataProtection()
+            .SetApplicationName("IdentityServer");
+
         return builder.Build();
     }
 
diff --git a/identity-server/templates/src/IdentityServerEmpty/HostingExtensions.cs b/identity-server/templates/src/IdentityServerEmpty/HostingExtensions.cs
index 6605cb3a3..d344c23ab 100644
--- a/identity-server/templates/src/IdentityServerEmpty/HostingExtensions.cs
+++ b/identity-server/templates/src/IdentityServerEmpty/HostingExtensions.cs
@@ -1,4 +1,5 @@
 using System.Globalization;
+using Microsoft.AspNetCore.DataProtection;
 using Serilog;
 using Serilog.Filters;
 
@@ -51,6 +52,11 @@ internal static class HostingExtensions
             .AddInMemoryClients(Config.Clients)
             .AddLicenseSummary();
 
+        // Add `.PersistKeysTo…()` and `.ProtectKeysWith…()` calls
+        // See more at https://docs.duendesoftware.com/general/data-protection
+        _ = builder.Services.AddDataProtection()
+            .SetApplicationName("IdentityServer");
+
         return builder.Build();
     }
 
diff --git a/identity-server/templates/src/IdentityServerEntityFramework/HostingExtensions.cs b/identity-server/templates/src/IdentityServerEntityFramework/HostingExtensions.cs
index 8458a7ed1..c205cd61c 100644
--- a/identity-server/templates/src/IdentityServerEntityFramework/HostingExtensions.cs
+++ b/identity-server/templates/src/IdentityServerEntityFramework/HostingExtensions.cs
@@ -4,6 +4,7 @@ using IdentityServerHost.Pages;
 using IdentityServerHost.Pages.Admin.ApiScopes;
 using IdentityServerHost.Pages.Admin.Clients;
 using IdentityServerHost.Pages.Admin.IdentityScopes;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.IdentityModel.Tokens;
@@ -121,6 +122,11 @@ internal static class HostingExtensions
             _ = builder.Services.AddTransient<ApiScopeRepository>();
         }
 
+        // Add `.PersistKeysTo…()` and `.ProtectKeysWith…()` calls
+        // See more at https://docs.duendesoftware.com/general/data-protection
+        _ = builder.Services.AddDataProtection()
+            .SetApplicationName("IdentityServer");
+
         // if you want to use server-side sessions: https://blog.duendesoftware.com/posts/20220406_session_management/
         // then enable it
         //isBuilder.AddServerSideSessions();
diff --git a/identity-server/templates/src/IdentityServerInMem/HostingExtensions.cs b/identity-server/templates/src/IdentityServerInMem/HostingExtensions.cs
index b89ef03d9..26d3bdfdf 100644
--- a/identity-server/templates/src/IdentityServerInMem/HostingExtensions.cs
+++ b/identity-server/templates/src/IdentityServerInMem/HostingExtensions.cs
@@ -1,6 +1,7 @@
 using System.Globalization;
 using Duende.IdentityServer;
 using IdentityServerHost.Pages;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.IdentityModel.Tokens;
 using Serilog;
 using Serilog.Filters;
@@ -101,6 +102,11 @@ internal static class HostingExtensions
                 };
             });
 
+        // Add `.PersistKeysTo…()` and `.ProtectKeysWith…()` calls
+        // See more at https://docs.duendesoftware.com/general/data-protection
+        _ = builder.Services.AddDataProtection()
+            .SetApplicationName("IdentityServer");
+
         return builder.Build();
     }