diff --git a/src/SecurityTokenService/Program.cs b/src/SecurityTokenService/Program.cs
index 6deeb1c..87895cf 100644
--- a/src/SecurityTokenService/Program.cs
+++ b/src/SecurityTokenService/Program.cs
@@ -87,7 +87,13 @@ internal static WebApplication CreateApp(string[] args)
             mvcBuilder.AddDapr();
         }
 
-        builder.AddDataProtection();
+        var enableDataProtection = builder.Configuration["DATA_PROTECTION_ENABLE"] ??
+                                   builder.Configuration["DataProtection:Enable"];
+        if ("true".Equals(enableDataProtection, StringComparison.OrdinalIgnoreCase))
+        {
+            builder.AddDataProtection();
+        }
+
         builder.AddSmsSender();
         builder.AddDbContext();
         builder.AddIdentity();
diff --git a/src/SecurityTokenService/WebApplicationBuilderExtensions.cs b/src/SecurityTokenService/WebApplicationBuilderExtensions.cs
index 98426e6..8f92931 100644
--- a/src/SecurityTokenService/WebApplicationBuilderExtensions.cs
+++ b/src/SecurityTokenService/WebApplicationBuilderExtensions.cs
@@ -124,35 +124,6 @@ public static WebApplicationBuilder AddDbContext(this WebApplicationBuilder buil
 
     public static WebApplicationBuilder AddDataProtection(this WebApplicationBuilder builder)
     {
-        var connectionString = builder.Configuration.GetConnectionString("Identity");
-
-        if (builder.Configuration.GetDatabaseType() == "MySql")
-        {
-            using var conn = new MySqlConnection(connectionString);
-            conn.Execute(
-                $"""
-                 create table if not exists system_data_protection_key
-                 (
-                     id int auto_increment primary key,
-                     friendly_name varchar(64) not null,
-                     xml varchar(2000) not null
-                 );
-                 """
-            );
-        }
-        else
-        {
-            using var conn = new NpgsqlConnection(connectionString);
-            conn.Execute($"""
-                          create table if not exists system_data_protection_key
-                          (
-                              id int auto_increment primary key,
-                              friendly_name varchar(64) not null,
-                              xml varchar(2000) not null
-                          );
-                          """);
-        }
-
         // 影响隐私数据加密、AntiToken 加解密
         var dataProtectionBuilder = builder.Services.AddDataProtection()
                 .SetApplicationName("SecurityTokenService")
@@ -161,7 +132,7 @@ xml varchar(2000) not null
                 .DisableAutomaticKeyGeneration()
             ;
         var protectKeysWithCertPath =
-            builder.Configuration["PROTECT_KEYS_WITH_CERT"] ??
+            builder.Configuration["DATA_PROTECTION_PROTECT_KEYS_WITH_CERT"] ??
             builder.Configuration["DataProtection:ProtectKeysWithCert"];
         if (!string.IsNullOrEmpty(protectKeysWithCertPath))
         {