Bootstrap keys
The bootstrap keys menu contains the authorization keys that are neccessary for bootstrapping remote edge devices into the qbee backend. When the bootstrapping happens the provided bootstrap key is used to authorize the device to the qbee system into the correct group. Bootstrap keys can also be revoked. Then it is not possible anymore to bootstrap additional devices. During the bootstrap process a private elliptic-curve cryptography (ECC) key is generated for each edge device. This makes the device unique and also allows to manage (and block devices) from accessing the system if the device ever is lost or behaves suspiciously. All further qbee functions are encrypted with these keys.
Warning
The keys are confidential and system specific. Do not share these
Tip
Different settings are provided. Devices can bootstrap to a group called "unassigned" and be moved from there into any specific group. Alternatively a specific bootstrap key can be generated for a group. That will move devices into this group automatically. This is very helpful in larger deployments.
Tip
Decide if devices should be auto accepted into the system or manually through the pending devices tab.
Tip
Keys can be deleted and thus revoked. This will not impacted device associations that have been bootstrapped with this key. However, new bootstrap attemps with that key will fail.
Below is the bootstrap key menu showing multiple different keys:
This is the menu to edit the bootstrap key options:
The group selector allows to assign the key to a group.
In short this menu helps you to:
-
Automatically accept devices
Devices will be accepted into the system with no manual interaction -
Define the group devices will be inserted in:
It is possible to define a specific group assignment for a specific key. All devices bootstrapping with that key will be assigned to the specific group. -
Add multiple keys:
It is possible to define multiple bootstrap keys. For example if different producers create the original system image. -
Revoke bootstrap keys
It is possible to revoke any bootstrap key. Devices that have bootstrapped already are in no way impacted by this. New devices that bootstrap with this key will be rejected.