Access device connection string in IoT Edge module via Device Provisioning Services

Question

We're moving our Azure IoT Edge devices from manual provisioning to DPS with symmetric key. One of the modules deployed to our devices needs to manage the Device Twin - we have been using this for state properties that persist across updates to modules. To connect to the device twin, I've been creating a DeviceClient from connection string which is loaded as an environment variable on a per device basis. This is using the C SDK.

Now I want to request the device credentials during provisioning so that the symmetric key is the only secret pre installed on the device.

A number of posts suggest that this isn't possible with best practices, most succinctly: Access IoT Edge Device Twin from Edge Module when using X.509 Authentication

Is this still the case? If so, what is the intended use for the device twin on IoT Edge, if user modules aren't supposed to access it in a production setting?

Answer 1

A number of posts suggest that this isn't possible with best practices, most succinctly: Access IoT Edge Device Twin from Edge Module when using X.509 Authentication. Is this still the case?

This is still the case. Modules accessing device twin information is not supported or recommended. There are other ways to achieve what is desired - like one you described in your comment.

what is the intended use for the device twin on IoT Edge, if user modules aren't supposed to access it in a production setting?

The use case for device twins in IoT Edge is ADM deployments.

You create a deployment manifest and then define which devices it applies to based on tags in the device twin.

Ref: Understand IoT Edge automatic deployments for single devices or at scale