diff --git a/src/PowderCoating.Web/Program.cs b/src/PowderCoating.Web/Program.cs
index e1d07b5..e22e310 100644
--- a/src/PowderCoating.Web/Program.cs
+++ b/src/PowderCoating.Web/Program.cs
@@ -147,10 +147,22 @@ if (builder.Environment.IsProduction())
 }
 else
 {
-    var keysPath = Path.Combine(builder.Environment.ContentRootPath, "DataProtection-Keys");
-    builder.Services.AddDataProtection()
-        .PersistKeysToFileSystem(new DirectoryInfo(keysPath))
-        .SetApplicationName("PowderCoatingApp");
+    // Use Azure Blob Storage when the connection string is available (dev/staging servers).
+    // Fall back to local filesystem for developer workstations where storage isn't configured.
+    var devStorageConnStr = builder.Configuration["Storage:ConnectionString"];
+    if (!string.IsNullOrEmpty(devStorageConnStr))
+    {
+        builder.Services.AddDataProtection()
+            .PersistKeysToAzureBlobStorage(devStorageConnStr, "dataprotection-dev", "keys.xml")
+            .SetApplicationName("PowderCoatingApp");
+    }
+    else
+    {
+        var keysPath = Path.Combine(builder.Environment.ContentRootPath, "DataProtection-Keys");
+        builder.Services.AddDataProtection()
+            .PersistKeysToFileSystem(new DirectoryInfo(keysPath))
+            .SetApplicationName("PowderCoatingApp");
+    }
 }
 
 // Configure Identity