Security aspects about Module Twin

Galgani, Stefano 95 Reputation points

Hi all,

my context involves IoT Hub and IoT edge device with custom IoT edge modules.

I know that each edge module can have properties stored in IoT HUB on the cloud side called Module twin (JSON document) and also I know that module twin has the aim to handle and to propagate the changes to the edge side by connection encrypted with IoT HUB.

In terms of security about module Twin I'd like to know 2 things:

  • Where did module twin store at Edge side ?
  • Is module twin encrypted at edge side ?


Azure IoT Edge
Azure IoT Edge
An Azure service that is used to deploy cloud workloads to run on internet of things (IoT) edge devices via standard containers.
462 questions
Azure IoT Hub
Azure IoT Hub
An Azure service that enables bidirectional communication between internet of things (IoT) devices and applications.
948 questions
{count} vote

Accepted answer
  1. LeelaRajeshSayana-MSFT 8,046 Reputation points

    Hi @Galgani, Stefano Greetings! please find the below feedback from the team on your questions.

    Where did module twin store at Edge side ?

    To answer this question, the information about the connectivity of your custom modules is maintained in the IoT Edge agent module twin. Module state information is stored in the IoT Edge hub's local container filesystem by default. If the connection to IoT Hub is lost, IoT Edge hub saves messages or twin updates locally. Once a connection is reestablished, it syncs all the data. The location used for this temporary cache is determined by a property of the IoT Edge hub's module twin. Please note that the size of the cache isn't capped and will grow as long as the device has storage capacity. For more information, see Offline capabilities. You can also dedicate storage on the host IoT Edge device for extended offline capability mode to improve reliability. For more information, see Give modules access to a device's local storage.

    Is module twin encrypted at edge side?

    Edge Hub has environment variable configuration that controls whether persisted twin data is encrypted using the device key. If Defaults to true. Please refer the Edge Hub Environment variables for details. Please find the below property responsible for this configuration.

    User's image

    Hope this answers your questions. Please let us know if you need any further assistance on this in the comments below. We would be happy to help you.

    If the response helped, please do click Accept Answer and Yes for the answer provided. Doing so would help other community members with similar issue identify the solution. I highly appreciate your contribution to the community.

    2 people found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful