part 1 of mark review

Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
2023-05-16 14:53:16 -04:00 · 2023-05-16 14:53:16 -04:00 · 2fb6772ad9
parent cfb6ac0bbf
commit 2fb6772ad9
11 changed files with 28 additions and 104 deletions
--- a/daprdocs/content/en/concepts/building-blocks-concept.md
+++ b/daprdocs/content/en/concepts/building-blocks-concept.md
@ -30,4 +30,4 @@ The following are the building blocks provided by Dapr:
 | [**Configuration**]({{< ref "configuration-api-overview.md" >}}) | `/v1.0-alpha1/configuration` | The Configuration API enables you to retrieve and subscribe to application configuration items for supported configuration stores. This enables an application to retrieve specific configuration information, for example, at start up or when configuration changes are made in the store. 
 | [**Distributed lock**]({{< ref "distributed-lock-api-overview.md" >}}) | `/v1.0-alpha1/lock` | The distributed lock API enables you to take a lock on a resource so that multiple instances of an application can access the resource without conflicts and provide consistency guarantees.  
 | [**Workflows**]({{< ref "workflow-overview.md" >}}) | `/v1.0-alpha1/workflow` | The Workflow API enables you to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. The Workflow API can be combined with other Dapr API building blocks. For example, a workflow can call another service with service invocation or retrieve secrets, providing flexibility and portability. 
-| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | `/v1.0-alpha1/crypto` | The Cryptography API enables you to perform operations, such as encrypting and decrypting messages. Using different comopnetns, Dapr translates operation calls into the correct format for the supported backend. Dapr uses algorithms configured to forbid the usage of unsafe algorithms and operations. 
+| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | `/v1.0-alpha1/crypto` | The Cryptography API enables you to perform operations for encrypting and decrypting messages. 
--- a/daprdocs/content/en/concepts/components-concept.md
+++ b/daprdocs/content/en/concepts/components-concept.md
@ -110,10 +110,10 @@ A [workflow]({{< ref workflow-overview.md >}}) is custom application logic that

 ### Cryptography

-[Cryptography]({{< ref cryptography-overview.md >}}) components perform API operations on supported backends, such as encrypting and decrypting messages. 
+[Cryptography]({{< ref cryptography-overview.md >}}) components are used to encrypt and decrypt messages with cryptography services. 

- [List of supported cryptography components](todo)
- [Cryptography implementations](todo) 
+- [List of supported cryptography components]({{< ref supported-cryptography >}})
+- [Cryptography implementations](https://github.com/dapr/components-contrib/tree/master/cryptography) 

 ### Middleware

--- a/daprdocs/content/en/concepts/overview.md
+++ b/daprdocs/content/en/concepts/overview.md
@ -45,8 +45,7 @@ Each of these building block APIs is independent, meaning that you can use one,
 | [**Configuration**]({{< ref "configuration-api-overview.md" >}})  | The configuration API enables you to retrieve and subscribe to application configuration items from configuration stores. 
 | [**Distributed lock**]({{< ref "distributed-lock-api-overview.md" >}})  | The distributed lock API enables your application to acquire a lock for any resource that gives it exclusive access until either the lock is released by the application, or a lease timeout occurs. 
 | [**Workflows**]({{< ref "workflow-overview.md" >}}) | The workflow API can be combined with other Dapr building blocks to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. 
-| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | Like with secret stores, Dapr's cryptography API offers an abstraction layer on top of key vaults. This layer allows you to perform operations, like encrypting and decrypting messages.   
-
+| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | Similar to the secrets API, the cryptography API provides an abstraction layer on top of security infrastructure such as secret/encryption vaults. This API allows you to perform operations to encrypt and decrypt messages.   

 ## Sidecar architecture

--- a/daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md
+++ b/daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md
@ -6,32 +6,32 @@ weight: 1000
 description: "Overview of Dapr Cryptography"
 ---

-With the Cryptography API, you can leverage cryptography in a safe and consistent way. Dapr exposes an API that allows you to ask Dapr to perform operations, such as encrypting and decrypting messages.
+With the cryptography API, you can leverage cryptography in a safe and consistent way. Dapr exposes an API that allows you to ask Dapr to perform operations, such as encrypting and decrypting messages.

 ## Why Cryptography?

-Modern applications make extensive use of cryptography, which, when implemented correctly, can make solutions safer even when data is compromised. In certain cases, you may be required to use cryptography to comply with industry regulations (banking) or legal requirements (GDPR). 
+Applications make extensive use of cryptography, which, when implemented correctly, can make solutions safer even when data is compromised. In certain cases, you may be required to use cryptography to comply with industry regulations (banking) or legal requirements (GDPR).  

 However, leveraging cryptography is difficult; you need to:
 - Pick the right algorithms and options
 - Learn the proper way to manage and protect keys
- Navigate operational complexities when your team wants limit access to cryptographic key material
+- Navigate operational complexities when you wants limit access to cryptographic key material

-Organizations have increasingly used tools and services to perform crypto outside of applications, including:
- Azure Key Vault, AWS KMS, Google Cloud KMS, etc. 
- On-prem HSM products like Thales Luna 
+Organizations have increasingly used tools and services to perform cryptography outside of applications, including:
+- Hashicorp Vault, Azure Key Vault, AWS Key Management Service (KMS), Google Cloud KMS, etc.  
+- On-prem Hardware Security Module (HSM) products like Thales Luna  

-While those products/services perform the same or very similar operations, their APIs are very different.
+While those products/services perform the same or very similar operations, their APIs are different.

 ## Cryptography in Dapr

-Just like how Dapr offers an abstraction on top of secret stores, Dapr offers an abstraction layer on top of key vaults.
+Similar to how Dapr offers an abstraction on top of secret stores, Dapr offers an abstraction layer on top of key management services or vaults (for the rest of this document referred to as "vaults").

 With this abstraction layer, you can perform cryptographic operations without having to access raw key material. Dapr provides a selection of correctly configured algorithms that forbid the usage of unsafe algorithms and operations. 

 Todo: diagram

-Using the cryptography in Dapr:
+By using the cryptography API, it:

 - Makes it easier for you to perform cryptographic operations in a safe way. Dapr provides safeguards against using unsafe algorithms, or using algorithms with unsafe options.
 - Keeps keys outside of applications. Applications never see key material, but can request the vault to perform operations with the keys.
@ -39,7 +39,7 @@ Using the cryptography in Dapr:
 - Simplifies key management and key rotation. Keys are managed in the vault and outside of the application, and they can be rotated without needing the developers to be involved (or even without restarting the apps).
 - Enables better audit logging to monitor when operations are performed with keys in the vault.

-[Learn more about the cryptography API]({{< ref cryptography_API.md >}})
+> Only gRPC is available in the alpha release.

 ## Features

@ -51,5 +51,4 @@ Todo: cryptography building block features organized under header 3 sections.

 ## Related links
 - [Cryptography overview]({{< ref cryptography-overview.md >}})
- [Cryptography API reference]({{< ref cryptography_api.md >}})
 - [Cryptography component specs]({{< ref supported-cryptography >}})
--- a/daprdocs/content/en/developing-applications/building-blocks/cryptography/howto-cryptography.md
+++ b/daprdocs/content/en/developing-applications/building-blocks/cryptography/howto-cryptography.md
@ -6,10 +6,11 @@ weight: 2000
 description: "Learn how to encrypt and decrypt files"
 ---

-Now that you've read about [Cryptography as a Dapr building block]({{< ref cryptography-overview.md >}}), let's walk through using the [high-level cryptography APIs]({{< ref cryptography_api.md >}}) with the Dapr SDKs. 
+Now that you've read about [Cryptography as a Dapr building block]({{< ref cryptography-overview.md >}}), let's walk through using the cryptography APIs with the SDKs.  

 {{% alert title="Note" color="primary" %}}
-Dapr Cryptography is currently in alpha.
+  Dapr cryptography is currently in alpha.
+
 {{% /alert %}}

 ## Encrypt
@ -103,5 +104,4 @@ out, err := sdkClient.Decrypt(context.Background(), rf, dapr.EncryptOptions{
 {{< /tabs >}}

 ## Next steps
- [Cryptography API reference]({{< ref cryptography_api.md >}})
- [Cryptography component specs]({{< ref supported-cryptography >}})
+[Cryptography component specs]({{< ref supported-cryptography >}})
--- a/daprdocs/content/en/operations/support/support-preview-features.md
+++ b/daprdocs/content/en/operations/support/support-preview-features.md
@ -21,7 +21,7 @@ For CLI there is no explicit opt-in, just the version that this was first made a
 | **Pluggable components** | Allows creating self-hosted gRPC-based components written in any language that supports gRPC. The following component APIs are supported: State stores, Pub/sub, Bindings | N/A | [Pluggable components concept]({{<ref "components-concept#pluggable-components" >}})| v1.9  |
 | **Multi-App Run** | Configure multiple Dapr applications from a single configuration file and run from a single command | `dapr run -f` | [Multi-App Run]({{< ref multi-app-dapr-run.md >}}) | v1.10 |
 | **Workflows** | Author workflows as code to automate and orchestrate tasks within your application, like messaging, state management, and failure handling | N/A | [Workflows concept]({{< ref "components-concept#workflows" >}})| v1.10  |
-| **Crytpography** | leverage cryptography in a safe and consistent way. | N/A | [Cryptography concept]({{< ref "components-concept#cryptography" >}})| v1.11  |
+| **Cryptography** | Encrypt or decrypt data without having to manage secrets keys  | N/A | [Cryptography concept]({{< ref "components-concept#cryptography" >}})| v1.11  |


 ### Streaming for HTTP service invocation
--- a/daprdocs/content/en/reference/api/cryptography_api.md
+++ b/daprdocs/content/en/reference/api/cryptography_api.md
@ -1,70 +0,0 @@
---
-type: docs
-title: "Cryptography API reference"
-linkTitle: "Cryptography API"
-description: "Detailed documentation on the cryptography API"
-weight: 900
---
-
-## Component format
-
-A Dapr `crypto.yaml` component file has the following structure:
-
-```yaml
-apiVersion: dapr.io/v1alpha1
-kind: Component
-metadata:
-  name: <NAME>
-spec:
-  type: crypto.<TYPE>
-  version: v1.0-alpha1
-  metadata:
-  - name: <NAME>
-    value: <VALUE>
- ```
-
-| Setting | Description |
-| ------- | ----------- |
-| `metadata.name` | The unique name of the workflow component. |
-| `spec.type` | The component type used. Example: `crypto.jwks`, `crypto.azure.keyvault` |
-| `spec.metadata` | Additional metadata parameters specified by workflow component |
-
-[Learn more about the available cryptography components.]({{< ref supported-cryptography >}})
-
-## Supported cryptography APIs
-
-The cryptography building block supports two high-level APIs:
- `Encrypt` 
- `Decrypt` 
-
-These APIs allow you to encrypt and decrypt files of arbitrary lenght (up to 256TB) while working on a straem of data.
-
-### Encrypt
-
-To encrypt data, implement the `Encrypt` API:
-
-```go
-// Encrypt the data using Dapr
-out, err := sdkClient.Encrypt(context.Background(), rf, dapr.EncryptOptions{
-	// These are the 3 required parameters
-	ComponentName: "mycryptocomponent",
-	KeyName:        "mykey",
-	Algorithm:     "RSA",
-})
-```
-
-### Decrypt
-
-To decrypt data, implement the `Decrypt` API:
-
-```go
-// Decrypt the data using Dapr
-out, err := sdkClient.Decrypt(context.Background(), rf, dapr.EncryptOptions{
-	// Only required option is the component name
-	ComponentName: "mycryptocomponent",
-})
-```
-
-## Next steps
- [Cryptography building block documentation]({{< ref cryptography >}})
- [Cryptography components]({{< ref supported-cryptography >}})
--- a/daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md
+++ b/daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md
@ -43,5 +43,4 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 | azureClientSecret  | Y        | Azure Key Vault service principal client secret  | TODO |

 ## Related links
- [Cryptography building block]({{< ref cryptography >}})
- [Cryptography API reference]({{< ref cryptography_api.md >}})
+[Cryptography building block]({{< ref cryptography >}})
--- a/daprdocs/content/en/reference/components-reference/supported-cryptography/json-web-key-sets.md
+++ b/daprdocs/content/en/reference/components-reference/supported-cryptography/json-web-key-sets.md
@ -35,5 +35,4 @@ The above example uses secrets as plain strings. It is recommended to use a secr
 | jwks               | Y        | Connection-string for the JWKS host  | `fixtures/crypto/jwks/jwks.json`

 ## Related links
- [Cryptography building block]({{< ref cryptography >}})
- [Cryptography API reference]({{< ref cryptography_api.md >}})
+[Cryptography building block]({{< ref cryptography >}})
--- a/daprdocs/content/en/reference/components-reference/supported-cryptography/kubernetes-secrets.md
+++ b/daprdocs/content/en/reference/components-reference/supported-cryptography/kubernetes-secrets.md
@ -2,7 +2,7 @@
 type: docs
 title: "Kubernetes Secrets"
 linkTitle: "Kubernetes Secrets"
-description: Detailed information on the Kubernetes Secret cryptography component
+description: Detailed information on the Kubernetes secret cryptography component
 ---

 ## Component format
@ -32,8 +32,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr

 | Field              | Required | Details | Example |
 |--------------------|:--------:|---------|---------|
-| redisHost          | Y        | Connection-string for the redis host  | `localhost:6379`, `redis-master.default.svc.cluster.local:6379`
+|           |        |   | 

 ## Related links
- [Cryptography building block]({{< ref cryptography >}})
- [Cryptography API reference]({{< ref cryptography_api.md >}})
+[Cryptography building block]({{< ref cryptography >}})
--- a/daprdocs/content/en/reference/components-reference/supported-cryptography/local-storage.md
+++ b/daprdocs/content/en/reference/components-reference/supported-cryptography/local-storage.md
@ -16,10 +16,10 @@ apiVersion: dapr.io/v1alpha1
 kind: Component
 metadata:
  name: mycrypto
-  namespace: default
 spec:
  type: crypto.localstorage
  metadata:
+    version: v1
    - name: path
      value: fixtures/crypto/localstorage/
 ```
@ -32,8 +32,7 @@ The above example uses secrets as plain strings. It is recommended to use a secr

 | Field              | Required | Details | Example |
 |--------------------|:--------:|---------|---------|
-| path               | Y        | Connection-string for the lcoal storage  | `fixtures/crypto/localstorage/`
+| path               | Y        | Connection-string for the local storage  | `fixtures/crypto/localstorage/`

 ## Related links
- [Cryptography building block]({{< ref cryptography >}})
- [Cryptography API reference]({{< ref cryptography_api.md >}})
+[Cryptography building block]({{< ref cryptography >}})