Bootstrap keys

The bootstrap keys menu contains the authorization keys that are necessary for bootstrapping remote edge devices into the qbee backend. When the bootstrapping happens the provided bootstrap key is used to authorize the device to the qbee system into the correct group. Bootstrap keys can also be revoked. Then it is not possible anymore to bootstrap additional devices.

During the bootstrap process a private elliptic-curve cryptography (ECC) key is generated for each edge device. This makes the device unique and also allows to manage (and block devices) from accessing the system if the device ever is lost or behaves suspiciously. All further qbee functions are encrypted with these keys.

Bootstrap keys are confidential

The keys are confidential and system specific. Do not share these

qbee-bootsrapping-menu1

Automatically assign devices to groups

Different settings are provided. Devices can bootstrap to a group called "unassigned" and be moved from there into any specific group. Alternatively a specific bootstrap key can be generated for a group. That will move devices into this group automatically. This is very helpful in larger deployments.

Allow devices to be auto accpeted into the system

Decide if devices should be auto accepted into the system or manually through the pending devices tab.

Bootstrap kyes can be revoked

Keys can be deleted and thus revoked. This will not impacted device associations that have been bootstrapped with this key. However, new bootstrap attemps with that key will fail. Customers often use one specific key per badge and revoke that key after the batch production and use another one for the next batch.

Below is the bootstrap key menu showing multiple different keys:

qbee-bootstrapping-advanced-keys

This is the menu to edit the bootstrap key options:

qbee-bootstrapping-key-options

The group selector allows to assign the key to a group.

In short this menu helps you to:

  • Automatically accept devices
    Devices will be accepted into the system with no manual interaction

  • Define the group devices will be inserted in:
    It is possible to define a specific group assignment for a specific key. All devices bootstrapping with that key will be assigned to the specific group.

  • Add multiple keys:
    It is possible to define multiple bootstrap keys. For example if different producers create the original system image.

  • Revoke bootstrap keys
    It is possible to revoke any bootstrap key. Devices that have bootstrapped already are in no way impacted by this. New devices that bootstrap with this key will be rejected.