mirror of https://github.com/dapr/docs.git
Alessandro review
Signed-off-by: Hannah Hunter <hannahhunter@microsoft.com>
This commit is contained in:
parent
730ccf4d8d
commit
627b83598d
@ -45,7 +45,7 @@ Each of these building block APIs is independent, meaning that you can use one,
| [**Configuration**]({{< ref "configuration-api-overview.md" >}}) | The configuration API enables you to retrieve and subscribe to application configuration items from configuration stores.
| [**Distributed lock**]({{< ref "distributed-lock-api-overview.md" >}}) | The distributed lock API enables your application to acquire a lock for any resource that gives it exclusive access until either the lock is released by the application, or a lease timeout occurs.
| [**Workflows**]({{< ref "workflow-overview.md" >}}) | The workflow API can be combined with other Dapr building blocks to define long running, persistent processes or data flows that span multiple microservices using Dapr workflows or workflow components.
| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | The cryptography API provides an abstraction layer on top of security infrastructure such as key vaults. It contains APIs that allow you to perform cryptographic operations, such as encrypting and decrypting messages, without exposing keys to your applications.
| [**Cryptography**]({{< ref "cryptography-overview.md" >}}) | The cryptography API provides an abstraction layer on top of security infrastructure such as key vaults. It contains APIs that allow you to perform cryptographic operations, such as encrypting and decrypting messages, without exposing keys to your applications.
## Sidecar architecture
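Review bot: the removed and added Cryptography rows in this hunk render identically, so the change here appears to be whitespace or trailing-character only; if that is intended, fine, otherwise drop this hunk so the diff stays limited to the wording fixes in the cryptography pages.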
@ -6,7 +6,7 @@ weight: 1000
description: "Overview of Dapr Cryptography"
---
With the cryptography building block, you can leverage cryptography in a safe and consistent way. Dapr exposes APIs that allows you to perform operations, such as encrypting and decrypting messages, within the Dapr sidecar, without exposing cryptographic keys to your application.
With the cryptography building block, you can leverage cryptography in a safe and consistent way. Dapr exposes APIs that allow you to perform operations, such as encrypting and decrypting messages, within key vaults or the Dapr sidecar, without exposing cryptographic keys to your application.
## Why Cryptography?
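Review bot: the new sentence is an improvement ("allows" to "allow", and "within key vaults or the Dapr sidecar" now covers both component kinds), but the two cases have different trust boundaries and this intro does not say so; a short clause such as "in a vault the key never leaves the vault, while with Dapr's own engine the key is held by the sidecar but still not by your application" would let readers pick the right component before they reach the Features section, which spells this out later in the patch.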
@ -33,25 +33,25 @@ By using the cryptography building block, you can:
- More easily perform cryptographic operations in a safe way. Dapr provides safeguards against using unsafe algorithms, or using algorithms with unsafe options.
- Keep keys outside of applications. Applications never see the "raw key material", but can request the vault to perform operations with the keys. When using the cryptographic engine of Dapr, operations are performed safely within the Dapr sidecar.
- Experience greater separation of concerns. By using external vaults or cryptographic components, only authorized teams can access private/shared key materials.
- Experience greater separation of concerns. By using external vaults or cryptographic components, only authorized teams can access private key materials.
- Manage and rotate keys more easily. Keys are managed in the vault and outside of the application, and they can be rotated without needing the developers to be involved (or even without restarting the apps).
- Enables better audit logging to monitor when operations are performed with keys in a vault.
{{% alert title="Note" color="primary" %}}
While both HTTP and gRPC are supported in the alpha release, using the SDKs with gRPC is the recommended approach for cryptography.
While both HTTP and gRPC are supported in the alpha release, using the gRPC APIs with the supported Dapr SDKs is the recommended approach for cryptography.
{{% /alert %}}
## Features
### Cryptographic components
Similar to how Dapr offers an abstraction on top of secret stores, Dapr offers an abstraction layer on top of key management services or vaults (for the rest of this document referred to as "vaults").
The Dapr cryptography building block incldues two kinds of components:
Dapr includes a set of cryptographic components that:
- Perform cryptographic operations within the Dapr sidecar
- Can be used when key vaults are not available
With these components, cryptographic operations are performed within Dapr's own cryptographic engine, again without exposing keys to your application.
- **Components that allow interacting with management services or vaults ("key vaults").**
Similar to how Dapr offers an "abstraction layer" on top of various secret stores or state stores, these components allow interacting with various key vaults such as Azure Key Vault (with more coming in future Dapr releases). With these components, cryptographic operations on the private keys are performed within the vaults and Dapr never sees your private keys.
- **Components based on Dapr's own cryptographic engine with keys stored on files.**
When key vaults are not available, you can leverage components based on Dapr's own cryptographic engine. These components, which have `.dapr.` in the name, perform cryptographic operations within the Dapr sidecar, with keys stored on files, Kubernetes secrets, or other sources. Although the private keys are known by Dapr, they are still not available to your applications.
Both kinds of components, either those leveraging key vaults or using the cryptopgrahic engine in Dapr, offer the same abstraction layer. This allows your solution to switch between various vaults and/or cryptography components as needed. For example, you can use a locally-stored key during development, and a cloud vault in production.
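Review bot: two typos in this hunk's text: "The Dapr cryptography building block incldues two kinds of components:" should read "includes", and "using the cryptopgrahic engine in Dapr" in the closing paragraph should read "cryptographic". Also, the last benefit bullet "Enables better audit logging to monitor when operations are performed with keys in a vault." breaks the imperative form of the other bullets ("Perform", "Keep", "Experience", "Manage"); "Get better audit logging ..." keeps the list consistent. The narrowing from "private/shared key materials" to "private key materials" is fine, but note that the file-based components also hold symmetric keys (the key-file formats hunk lists them), so "private or symmetric key material" would be more accurate.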
@ -85,7 +85,7 @@ fmt.Println("Written", n, "bytes")
{{< /tabs >}}
The following example uses the `Ecrypt` API to encrypt a string.
The following example uses the `Encrypt` API to encrypt a string.
{{< tabs "Go" >}}
@ -14,7 +14,7 @@ The component accepts as input the name of a folder, and loads keys from there.
Supported file formats:
- PEM with public and private keys (supports: PKCS#1, PKCS#8, PKIX)
- JSON Web Key (JWK) containing public, private, or symmetric keys
- JSON Web Key (JWK) containing a public, private, or symmetric key
- Raw key data for symmetric keys
{{% alert title="Note" color="primary" %}}
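Review bot: the singular "containing a public, private, or symmetric key" is clearer, but the "Raw key data for symmetric keys" bullet is still much less specific than the PEM bullet (which names PKCS#1, PKCS#8 and PKIX); readers need to know what "raw" means here (the exact key bytes, or an encoded form?) and what key lengths are accepted, otherwise a mis-sized or wrongly encoded file fails at load time with no hint about which format was expected. Worth stating in the same bullet.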
@ -35,7 +35,7 @@ spec:
metadata:
version: v1
- name: path
value: fixtures/crypto/localstorage/
value: /path/to/folder/
```
{{% alert title="Warning" color="warning" %}}
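Review bot: swapping `fixtures/crypto/localstorage/` for `/path/to/folder/` is the right fix, since a repository test-fixture path copied into a real component spec would load test keys rather than the operator's own. Since this component reads private and symmetric key material straight from that folder, the Warning alert that follows is a good place to add one line telling readers to keep the folder readable only by the user the Dapr sidecar runs as and to keep it out of the application container image.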