Merge branch 'v1.11' into issue_6388

daprdocs/content/en/concepts/building-blocks-concept.md

@@ -29,4 +29,5 @@ The following are the building blocks provided by Dapr:
 | [**Secrets**]({{< ref "secrets-overview.md" >}}) | `/v1.0/secrets` | Dapr provides a secrets building block API and integrates with secret stores such as public cloud stores, local stores and Kubernetes to store the secrets. Services can call the secrets API to retrieve secrets, for example to get a connection string to a database.
 | [**Configuration**]({{< ref "configuration-api-overview.md" >}}) | `/v1.0/configuration` | The Configuration API enables you to retrieve and subscribe to application configuration items for supported configuration stores. This enables an application to retrieve specific configuration information, for example, at start up or when configuration changes are made in the store. 
 | [**Distributed lock**]({{< ref "distributed-lock-api-overview.md" >}}) | `/v1.0-alpha1/lock` | The distributed lock API enables you to take a lock on a resource so that multiple instances of an application can access the resource without conflicts and provide consistency guarantees.  
-| [**Workflows**]({{< ref "workflow-overview.md" >}}) | `/v1.0-alpha1/workflow` | The Workflow API enables you to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. The Workflow API can be combined with other Dapr API building blocks. For example, a workflow can call another service with service invocation or retrieve secrets, providing flexibility and portability. 
+| [**Workflows**]({{< ref "workflow-overview.md" >}}) | `/v1.0-alpha1/workflow` | The Workflow API enables you to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. The Workflow API can be combined with other Dapr API building blocks. For example, a workflow can call another service with service invocation or retrieve secrets, providing flexibility and portability. 
+| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | `/v1.0-alpha1/crypto` | The Cryptography API enables you to perform cryptographic operations, such as encrypting and decrypting messages, without exposing keys to your application.

daprdocs/content/en/concepts/components-concept.md

@@ -108,6 +108,13 @@ A [workflow]({{< ref workflow-overview.md >}}) is custom application logic that
 <!--- [List of supported workflows]()
 - [Workflow implementations](https://github.com/dapr/components-contrib/tree/master/workflows)-->
 
+### Cryptography
+
+[Cryptography]({{< ref cryptography-overview.md >}}) components are used to perform crypographic operations, including encrypting and decrypting messages, without exposing keys to your application.
+
+- [List of supported cryptography components]({{< ref supported-cryptography >}})
+- [Cryptography implementations](https://github.com/dapr/components-contrib/tree/master/crypto) 
+
 ### Middleware
 
 Dapr allows custom [middleware]({{< ref "middleware.md" >}}) to be plugged into the HTTP request processing pipeline. Middleware can perform additional actions on an HTTP request (such as authentication, encryption, and message transformation) before the request is routed to the user code, or the response is returned to the client. The middleware components are used with the [service invocation]({{< ref "service-invocation-overview.md" >}}) building block.

daprdocs/content/en/concepts/overview.md

@@ -44,8 +44,8 @@ Each of these building block APIs is independent, meaning that you can use one,
 | [**Secrets**]({{< ref "secrets-overview.md" >}}) | The secrets management API integrates with public cloud and local secret stores to retrieve the secrets for use in application code.
 | [**Configuration**]({{< ref "configuration-api-overview.md" >}})  | The configuration API enables you to retrieve and subscribe to application configuration items from configuration stores. 
 | [**Distributed lock**]({{< ref "distributed-lock-api-overview.md" >}})  | The distributed lock API enables your application to acquire a lock for any resource that gives it exclusive access until either the lock is released by the application, or a lease timeout occurs. 
-| [**Workflows**]({{< ref "workflow-overview.md" >}}) | `/v1.0-alpha1/workflow` | The workflow API can be combined with other Dapr building blocks to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. 
+| [**Workflows**]({{< ref "workflow-overview.md" >}}) | The workflow API can be combined with other Dapr building blocks to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components. 
-
+| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | The cryptography API provides an abstraction layer on top of security infrastructure such as key vaults. It contains APIs that allow you to perform cryptographic operations, such as encrypting and decrypting messages, without exposing keys to your applications.
 
 ## Sidecar architecture
 

daprdocs/content/en/developing-applications/building-blocks/cryptography/_index.md

@@ -0,0 +1,7 @@
+---
+type: docs
+title: "Cryptography"
+linkTitle: "Cryptography"
+weight: 110
+description: "Perform cryptographic operations without exposing keys to your application"  
+---

daprdocs/content/en/developing-applications/building-blocks/cryptography/cryptography-overview.md

@@ -0,0 +1,88 @@
+---
+type: docs
+title: Cryptography overview
+linkTitle: Overview
+weight: 1000
+description: "Overview of Dapr Cryptography"
+---
+
+With the cryptography building block, you can leverage cryptography in a safe and consistent way. Dapr exposes APIs that allow you to perform operations, such as encrypting and decrypting messages, within key vaults or the Dapr sidecar, without exposing cryptographic keys to your application.
+
+## Why Cryptography?
+
+Applications make extensive use of cryptography, which, when implemented correctly, can make solutions safer even when data is compromised. In certain cases, you may be required to use cryptography to comply with industry regulations (for example, in finance) or legal requirements (including privacy regulations such as GDPR).  
+
+However, leveraging cryptography correctly can be difficult. You need to:
+
+- Pick the right algorithms and options
+- Learn the proper way to manage and protect keys
+- Navigate operational complexities when you wants limit access to cryptographic key material
+
+One important requirement for security is limiting access to your cryptographic keys, what is often referred to as "raw key material". Dapr can integrate with key vaults such as Azure Key Vault (with more components coming in the future) which store keys in secure enclaves and perform cryptographic operations in the vaults, without exposing keys to your application or Dapr.
+
+Alternatively, you can configure Dapr to manage the cryptographic keys for you, performing operations within the sidecar, again without exposing raw key material to your application.
+
+## Cryptography in Dapr
+
+With Dapr, you can perform cryptographic operations without exposing cryptographic keys to your application.
+
+<img src="/images/cryptography-overview.png" width=1000 style="padding-bottom:15px;" alt="Diagram showing how Dapr cryptography works with your app">
+
+
+By using the cryptography building block, you can:
+
+- More easily perform cryptographic operations in a safe way. Dapr provides safeguards against using unsafe algorithms, or using algorithms with unsafe options.
+- Keep keys outside of applications. Applications never see the "raw key material", but can request the vault to perform operations with the keys. When using the cryptographic engine of Dapr, operations are performed safely within the Dapr sidecar.
+- Experience greater separation of concerns. By using external vaults or cryptographic components, only authorized teams can access private key materials.
+- Manage and rotate keys more easily. Keys are managed in the vault and outside of the application, and they can be rotated without needing the developers to be involved (or even without restarting the apps).
+- Enables better audit logging to monitor when operations are performed with keys in a vault.
+
+{{% alert title="Note" color="primary" %}}
+While both HTTP and gRPC are supported in the alpha release, using the gRPC APIs with the supported Dapr SDKs is the recommended approach for cryptography.
+{{% /alert %}}
+
+## Features
+
+### Cryptographic components
+
+The Dapr cryptography building block incldues two kinds of components:
+
+- **Components that allow interacting with management services or vaults ("key vaults").**   
+   Similar to how Dapr offers an "abstraction layer" on top of various secret stores or state stores, these components allow interacting with various key vaults such as Azure Key Vault (with more coming in future Dapr releases). With these components, cryptographic operations on the private keys are performed within the vaults and Dapr never sees your private keys.
+
+- **Components based on Dapr's own cryptographic engine.**  
+   When key vaults are not available, you can leverage components based on Dapr's own cryptographic engine. These components, which have `.dapr.` in the name, perform cryptographic operations within the Dapr sidecar, with keys stored on files, Kubernetes secrets, or other sources. Although the private keys are known by Dapr, they are still not available to your applications.
+
+Both kinds of components, either those leveraging key vaults or using the cryptopgrahic engine in Dapr, offer the same abstraction layer. This allows your solution to switch between various vaults and/or cryptography components as needed. For example, you can use a locally-stored key during development, and a cloud vault in production.
+
+### Cryptographic APIs
+
+Cryptographic APIs allow encrypting and decrypting data using the [Dapr Crypto Scheme v1](https://github.com/dapr/kit/blob/main/schemes/enc/v1/README.md). This is an opinionated encryption scheme designed to use modern, safe cryptographic standards, and processes data (even large files) efficiently as a stream.
+
+## Try out cryptography
+
+### Quickstarts and tutorials
+
+Want to put the Dapr cryptography API to the test? Walk through the following quickstart and tutorials to see cryptography in action:
+
+| Quickstart/tutorial | Description |
+| ------------------- | ----------- |
+| Cryptography quickstart | Coming soon |
+
+### Start using cryptography directly in your app
+
+Want to skip the quickstarts? Not a problem. You can try out the cryptography building block directly in your application to encrypt and decrypt your application. After [Dapr is installed]({{< ref "getting-started/_index.md" >}}), you can begin using the cryptography API starting with [the cryptography how-to guide]({{< ref howto-cryptography.md >}}).
+
+## Demo
+
+Watch this [demo video of the Cryptography API from the Dapr Community Call #83](https://youtu.be/PRWYX4lb2Sg?t=1148):
+
+<iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/PRWYX4lb2Sg?start=1148" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" allowfullscreen></iframe>
+
+## Next steps
+
+{{< button text="Use the cryptography API >>" page="howto-cryptography.md" >}}
+
+## Related links
+- [Cryptography overview]({{< ref cryptography-overview.md >}})
+- [Cryptography component specs]({{< ref supported-cryptography >}})

daprdocs/content/en/developing-applications/building-blocks/cryptography/howto-cryptography.md

@@ -0,0 +1,146 @@
+---
+type: docs
+title: "How to: Use the cryptography APIs"
+linkTitle: "How to: Use cryptography"
+weight: 2000
+description: "Learn how to encrypt and decrypt files"
+---
+
+Now that you've read about [Cryptography as a Dapr building block]({{< ref cryptography-overview.md >}}), let's walk through using the cryptography APIs with the SDKs.  
+
+{{% alert title="Note" color="primary" %}}
+  Dapr cryptography is currently in alpha.
+
+{{% /alert %}}
+
+## Encrypt
+
+Using the Dapr gRPC APIs in your project, you can encrypt a stream of data, such as a file.
+
+{{< tabs "Go" >}}
+
+{{% codetab %}}
+
+<!--go-->
+
+```go
+out, err := sdkClient.Encrypt(context.Background(), rf, dapr.EncryptOptions{
+	// Name of the Dapr component (required)
+	ComponentName: "mycryptocomponent",
+	// Name of the key stored in the component (required)
+	KeyName:       "mykey",
+	// Algorithm used for wrapping the key, which must be supported by the key named above.
+	// Options include: "RSA", "AES"
+	Algorithm:     "RSA",
+})
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+The following example puts the `Encrypt` API in context, with code that reads the file, encrypts it, then stores the result in another file.
+
+{{< tabs "Go" >}}
+
+{{% codetab %}}
+
+<!--go-->
+
+```go
+// Input file, clear-text
+rf, err := os.Open("input")
+if err != nil {
+	panic(err)
+}
+defer rf.Close()
+
+// Output file, encrypted
+wf, err := os.Create("output.enc")
+if err != nil {
+	panic(err)
+}
+defer wf.Close()
+
+// Encrypt the data using Dapr
+out, err := sdkClient.Encrypt(context.Background(), rf, dapr.EncryptOptions{
+	// These are the 3 required parameters
+	ComponentName: "mycryptocomponent",
+	KeyName:       "mykey",
+	Algorithm:     "RSA",
+})
+if err != nil {
+	panic(err)
+}
+
+// Read the stream and copy it to the out file
+n, err := io.Copy(wf, out)
+if err != nil {
+	panic(err)
+}
+fmt.Println("Written", n, "bytes")
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+The following example uses the `Encrypt` API to encrypt a string.
+
+{{< tabs "Go" >}}
+
+{{% codetab %}}
+
+<!--go-->
+
+```go
+// Input string
+rf := strings.NewReader("Amor, ch’a nullo amato amar perdona, mi prese del costui piacer sì forte, che, come vedi, ancor non m’abbandona")
+
+// Encrypt the data using Dapr
+enc, err := sdkClient.Encrypt(context.Background(), rf, dapr.EncryptOptions{
+	ComponentName: "mycryptocomponent",
+	KeyName:       "mykey",
+	Algorithm:     "RSA",
+})
+if err != nil {
+	panic(err)
+}
+
+// Read the encrypted data into a byte slice
+enc, err := io.ReadAll(enc)
+if err != nil {
+	panic(err)
+}
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+
+## Decrypt
+
+To decrypt a file, add the `Decrypt` gRPC API to your project.
+
+{{< tabs "Go" >}}
+
+{{% codetab %}}
+
+<!--go-->
+
+In the following example, `out` is a stream that can be written to file or read in memory,  as in the examples above.
+
+```go
+out, err := sdkClient.Decrypt(context.Background(), rf, dapr.EncryptOptions{
+	// Only required option is the component name
+	ComponentName: "mycryptocomponent",
+})
+```
+
+{{% /codetab %}}
+
+{{< /tabs >}}
+
+## Next steps
+[Cryptography component specs]({{< ref supported-cryptography >}})

daprdocs/content/en/operations/support/support-preview-features.md

@@ -20,6 +20,7 @@ For CLI there is no explicit opt-in, just the version that this was first made a
 | **Pluggable components** | Allows creating self-hosted gRPC-based components written in any language that supports gRPC. The following component APIs are supported: State stores, Pub/sub, Bindings | N/A | [Pluggable components concept]({{<ref "components-concept#pluggable-components" >}})| v1.9  |
 | **Multi-App Run** | Configure multiple Dapr applications from a single configuration file and run from a single command | `dapr run -f` | [Multi-App Run]({{< ref multi-app-dapr-run.md >}}) | v1.10 |
 | **Workflows** | Author workflows as code to automate and orchestrate tasks within your application, like messaging, state management, and failure handling | N/A | [Workflows concept]({{< ref "components-concept#workflows" >}})| v1.10  |
+| **Cryptography** | Encrypt or decrypt data without having to manage secrets keys  | N/A | [Cryptography concept]({{< ref "components-concept#cryptography" >}})| v1.11  |
 | **Service invocation for non-Dapr endpoints** | Allow the invocation of non-Dapr endpoints by Dapr using the [Service invocation API]({{< ref service_invocation_api.md >}}). Read ["How-To: Invoke Non-Dapr Endpoints using HTTP"]({{< ref howto-invoke-non-dapr-endpoints.md >}}) for more information. | N/A | [Service invocation API]({{< ref service_invocation_api.md >}}) | v1.11  |
 | **Actor State TTL** | Allow actors to save records to state stores with Time To Live (TTL) set to automatically clean up old data. In its current implementation, actor state with TTL may not be reflected correctly by clients, read [Actor State Transactions]({{< ref actors_api.md >}}) for more information. | `ActorStateTTL` | [Actor State Transactions]({{< ref actors_api.md >}}) | v1.11  |
 

daprdocs/content/en/reference/components-reference/supported-cryptography/_index.md

@@ -0,0 +1,12 @@
+---
+type: docs
+title: "Cryptography component specs"
+linkTitle: "Cryptography"
+weight: 7000
+description: The supported cryptography components that interface with Dapr
+no_list: true
+---
+
+{{< partial "components/description.html" >}}
+
+{{< partial "components/cryptography.html" >}}

daprdocs/content/en/reference/components-reference/supported-cryptography/azure-key-vault.md

@@ -0,0 +1,52 @@
+---
+type: docs
+title: "Azure Key Vault"
+linkTitle: "Azure Key Vault"
+description: Detailed information on the Azure Key Vault cryptography component
+---
+
+## Component format
+
+A Dapr `crypto.yaml` component file has the following structure:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: azurekeyvault
+spec:
+  type: crypto.azure.keyvault
+  metadata:
+  - name: vaultName
+    value: mykeyvault
+  # See authentication section below for all options
+  - name: azureTenantId
+    value: ${{AzureKeyVaultTenantId}}
+  - name: azureClientId
+    value: ${{AzureKeyVaultServicePrincipalClientId}}
+  - name: azureClientSecret
+    value: ${{AzureKeyVaultServicePrincipalClientSecret}}
+```
+
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
+
+## Authenticating with Azure AD
+
+The Azure Key Vault cryptography component supports authentication with Azure AD only. Before you enable this component:
+
+1. Read the [Authenticating to Azure]({{< ref "authenticating-azure.md" >}}) document.
+1. Create an [Azure AD application]({{< ref "howto-aad.md" >}}) (also called a Service Principal).
+1. Alternatively, create a [managed identity]({{< ref "howto-msi.md" >}}) for your application platform.
+
+## Spec metadata fields
+
+| Field              | Required | Details | Example |
+|--------------------|:--------:|---------|---------|
+| `vaultName`   | Y | Azure Key Vault name  | `"mykeyvault"` |
+| Auth metadata | Y | See [Authenticating to Azure]({{< ref "authenticating-azure.md" >}}) for more information  |  |
+
+## Related links
+- [Cryptography building block]({{< ref cryptography >}})
+- [Authenticating to Azure]({{< ref azure-authentication >}})

daprdocs/content/en/reference/components-reference/supported-cryptography/json-web-key-sets.md

@@ -0,0 +1,79 @@
+---
+type: docs
+title: "JSON Web Key Sets (JWKS)"
+linkTitle: "JSON Web Key Sets (JWKS)"
+description: Detailed information on the JWKS cryptography component
+---
+
+## Component format
+
+The purpose of this component is to load keys from a JSON Web Key Set ([RFC 7517](https://www.rfc-editor.org/rfc/rfc7517)). These are JSON documents that contain 1 or more keys as JWK (JSON Web Key); they can be public, private, or shared keys.
+
+This component supports loading a JWKS:
+
+- From a local file; in this case, Dapr watches for changes to the file on disk and reloads it automatically.
+- From a HTTP(S) URL, which is periodically refreshed.
+- By passing the actual JWKS in the `jwks` metadata property, as a string (optionally, base64-encoded).
+
+{{% alert title="Note" color="primary" %}}
+This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.
+
+{{% /alert %}}
+
+A Dapr `crypto.yaml` component file has the following structure:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: jwks
+spec:
+  type: crypto.dapr.jwks
+  version: v1
+  metadata:
+    # Example 1: load JWKS from file
+    - name: "jwks"
+      value: "fixtures/crypto/jwks/jwks.json"
+    # Example 2: load JWKS from a HTTP(S) URL
+    # Only "jwks" is required
+    - name: "jwks"
+      value: "https://example.com/.well-known/jwks.json"
+    - name: "requestTimeout"
+      value: "30s"
+    - name: "minRefreshInterval"
+      value: "10m"
+    # Option 3: include the actual JWKS
+    - name: "jwks"
+      value: |
+        {
+          "keys": [
+            {
+              "kty": "RSA",
+              "use": "sig",
+              "kid": "…",
+              "n": "…",
+              "e": "…",
+              "issuer": "https://example.com"
+            }
+          ]
+        }
+    # Option 3b: include the JWKS base64-encoded
+    - name: "jwks"
+      value: |
+        eyJrZXlzIjpbeyJ…
+```
+
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
+
+## Spec metadata fields
+
+| Field              | Required | Details | Example |
+|--------------------|:--------:|---------|---------|
+| `jwks`               | Y        | Path to the JWKS document | Local file: `"fixtures/crypto/jwks/jwks.json"`<br>HTTP(S) URL: `"https://example.com/.well-known/jwks.json"`<br>Embedded JWKS: `{"keys": […]}` (can be base64-encoded)
+| `requestTimeout`     | N        | Timeout for network requests when fetching the JWKS document from a HTTP(S) URL, as a Go duration. Default: "30s" | `"5s"`
+| `minRefreshInterval` | N        | Minimum interval to wait before subsequent refreshes of the JWKS document from a HTTP(S) source, as a Go duration. Default: "10m" | `"1h"`
+
+## Related links
+[Cryptography building block]({{< ref cryptography >}})

daprdocs/content/en/reference/components-reference/supported-cryptography/kubernetes-secrets.md

@@ -0,0 +1,39 @@
+---
+type: docs
+title: "Kubernetes Secrets"
+linkTitle: "Kubernetes Secrets"
+description: Detailed information on the Kubernetes secret cryptography component
+---
+
+## Component format
+
+The purpose of this component is to load the Kubernetes secret named after the key name.
+
+{{% alert title="Note" color="primary" %}}
+This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.
+
+{{% /alert %}}
+
+A Dapr `crypto.yaml` component file has the following structure:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: <NAME>
+spec:
+  type: crypto.dapr.kubernetes.secrets
+  version: v1
+  metadata:[]
+```
+
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
+
+## Spec metadata fields
+
+For the Kubernetes secret store component, there are no metadata attributes.
+
+## Related links
+[Cryptography building block]({{< ref cryptography >}})

daprdocs/content/en/reference/components-reference/supported-cryptography/local-storage.md

@@ -0,0 +1,61 @@
+---
+type: docs
+title: "Local storage"
+linkTitle: "Local storage"
+description: Detailed information on the local storage cryptography component
+---
+
+## Component format
+
+The purpose of this component is to load keys from a local directory.
+
+The component accepts as input the name of a folder, and loads keys from there. Each key is in its own file, and when users request a key with a given name, Dapr loads the file with that name.
+
+Supported file formats:
+
+- PEM with public and private keys (supports: PKCS#1, PKCS#8, PKIX)
+- JSON Web Key (JWK) containing a public, private, or symmetric key
+- Raw key data for symmetric keys
+
+{{% alert title="Note" color="primary" %}}
+This component uses the cryptographic engine in Dapr to perform operations. Although keys are never exposed to your application, Dapr has access to the raw key material.
+
+{{% /alert %}}
+
+
+A Dapr `crypto.yaml` component file has the following structure:
+
+```yaml
+apiVersion: dapr.io/v1alpha1
+kind: Component
+metadata:
+  name: mycrypto
+spec:
+  type: crypto.dapr.localstorage
+  metadata:
+    version: v1
+    - name: path
+      value: /path/to/folder/
+```
+
+{{% alert title="Warning" color="warning" %}}
+The above example uses secrets as plain strings. It is recommended to use a secret store for the secrets, as described [here]({{< ref component-secrets.md >}}).
+{{% /alert %}}
+
+## Spec metadata fields
+
+| Field              | Required | Details | Example |
+|--------------------|:--------:|---------|---------|
+| `path`             | Y        | Folder containing the keys to be loaded. When loading a key, the name of the key will be used as name of the file in this folder.  | `/path/to/folder` |
+
+**Example**
+
+Let's say you've set `path=/mnt/keys`, which contains the following files:
+
+- `/mnt/keys/mykey1.pem`
+- `/mnt/keys/mykey2`
+
+When using the component, you can reference the keys as `mykey1.pm` and `mykey2`.
+
+## Related links
+[Cryptography building block]({{< ref cryptography >}})

daprdocs/content/en/reference/components-reference/supported-middleware/middleware-wasm.md

@@ -116,41 +116,6 @@ If using TinyGo, compile as shown below and set the spec metadata field named
 tinygo build -o router.wasm -scheduler=none --no-debug -target=wasi router.go`
 ```
 
-### Generating Wasm
-
-This component allows you to rewrite a request URI with custom logic compiled
-to a Wasm using the waPC protocol. The `rewrite` function receives the request
-URI and returns an update as necessary.
-
-To compile your Wasm, you must compile source using a waPC guest SDK such as
-[TinyGo](https://github.com/wapc/wapc-guest-tinygo).
-
-Here's an example in TinyGo:
-
-```go
-package main
-
-import "github.com/wapc/wapc-guest-tinygo"
-
-func main() {
-	wapc.RegisterFunctions(wapc.Functions{"rewrite": rewrite})
-}
-
-// rewrite returns a new URI if necessary.
-func rewrite(requestURI []byte) ([]byte, error) {
-	if string(requestURI) == "/v1.0/hi" {
-		return []byte("/v1.0/hello"), nil
-	}
-	return requestURI, nil
-}
-```
-
-If using TinyGo, compile as shown below and set the spec metadata field named
-"url" to the location of the output (for example, `file://example.wasm`):
-
-```bash
-tinygo build -o example.wasm -scheduler=none --no-debug -target=wasi example.go
-```
 
 ## Related links
 

daprdocs/content/en/reference/components-reference/supported-pubsub/setup-rabbitmq.md

@@ -371,7 +371,7 @@ To set a priority on a message, add the publish metadata key `maxPriority` to th
 {{% codetab %}}
 
 ```bash
-curl -X POST http://localhost:3601/v1.0/publish/order-pub-sub/orders?metadata.maxPriority=3 -H "Content-Type: application/json" -d '{"orderId": "100"}'
+curl -X POST http://localhost:3601/v1.0/publish/order-pub-sub/orders?metadata.priority=3 -H "Content-Type: application/json" -d '{"orderId": "100"}'
 ```
 
 {{% /codetab %}}
@@ -385,7 +385,7 @@ with DaprClient() as client:
             topic_name=TOPIC_NAME,
             data=json.dumps(orderId),
             data_content_type='application/json',
-            metadata= { 'maxPriority': '3' })
+            metadata= { 'priority': '3' })
 ```
 
 {{% /codetab %}}
@@ -393,7 +393,7 @@ with DaprClient() as client:
 {{% codetab %}}
 
 ```javascript
-await client.pubsub.publish(PUBSUB_NAME, TOPIC_NAME, orderId, { 'maxPriority': '3' });
+await client.pubsub.publish(PUBSUB_NAME, TOPIC_NAME, orderId, { 'priority': '3' });
 ```
 
 {{% /codetab %}}
@@ -401,7 +401,7 @@ await client.pubsub.publish(PUBSUB_NAME, TOPIC_NAME, orderId, { 'maxPriority': '
 {{% codetab %}}
 
 ```go
-client.PublishEvent(ctx, PUBSUB_NAME, TOPIC_NAME, []byte(strconv.Itoa(orderId)), map[string]string{"maxPriority": "3"})
+client.PublishEvent(ctx, PUBSUB_NAME, TOPIC_NAME, []byte(strconv.Itoa(orderId)), map[string]string{"priority": "3"})
 ```
 {{% /codetab %}}
 

daprdocs/data/components/cryptography/azure.yaml

@@ -0,0 +1,5 @@
+- component: Azure Key Vault
+  link: azure-key-vault
+  state: Alpha
+  version: v1
+  since: "1.11"

daprdocs/data/components/cryptography/generic.yaml

@@ -0,0 +1,15 @@
+- component: JSON Web Key Sets (JWKS)
+  link: json-web-key-sets
+  state: Alpha
+  version: v1
+  since: "1.11"
+- component: Kubernetes secrets
+  link: kubernetes-secrets
+  state: Alpha
+  version: v1
+  since: "1.11"
+- component: Local storage
+  link: local-storage
+  state: Alpha
+  version: v1
+  since: "1.11"

daprdocs/layouts/partials/components/cryptography.html

@@ -0,0 +1,28 @@
+{{- $groups := dict
+    " Generic" $.Site.Data.components.cryptography.generic
+    "Microsoft Azure" $.Site.Data.components.cryptography.azure
+
+    }}
+    
+    {{ range $group, $components := $groups }}
+    <h3>{{ $group }}</h3>
+    <table width="100%">
+        <tr>
+            <th>Component</th>
+            <th>Status</th>
+            <th>Component version</th>
+            <th>Since runtime version</th>
+        </tr>
+        {{ range sort $components "component" }}
+        <tr>
+            <td><a href="/reference/components-reference/supported-cryptography/{{ .link }}/">{{ .component }}</a>
+            </td>
+            <td>{{ .state }}</td>
+            <td>{{ .version }}</td>
+            <td>{{ .since }}</td>
+        </tr>
+        {{ end }}
+    </table>
+    {{ end }}
+    
+    {{ partial "components/componenttoc.html" . }}