Bootstrap keys

The Bootstrap Keys menu stores the authorization keys required to bootstrap remote edge devices into the qbee backend. This process authorizes the device to the qbee system within the correct group. Bootstrap keys can also be revoked to prevent additional device bootstrapping.

As part of the bootstrapping process, a private elliptic-curve cryptography (ECC) key is generated for each edge device. This key provides a unique identifier for the device and allows for management and blocking of devices if they are lost or behaving suspiciously. All subsequent qbee functions are encrypted using these keys.

Bootstrap keys are confidential

The keys are confidential and system specific. Do not share these

qbee-bootsrapping-menu1

Automatically assign devices to groups

Different settings are provided. Devices can bootstrap to a group called "unassigned" and be moved from there into any specific group. Alternatively a specific bootstrap key can be generated for a group. That will move devices into this group automatically. This is very helpful in larger deployments.

Allow devices to be auto accpeted into the system

Decide if devices should be auto accepted into the system or manually through the pending devices tab.

Bootstrap kyes can be revoked

Keys can be deleted and thus revoked. This will not impacted device associations that have been bootstrapped with this key. However, new bootstrap attemps with that key will fail. Customers often use one specific key per badge and revoke that key after the batch production and use another one for the next batch.

Below is the bootstrap key menu showing multiple different keys:

qbee-bootstrapping-advanced-keys

This is the menu to edit the bootstrap key options:

qbee-bootstrapping-key-options

The group selector allows to assign the key to a group.

In short this menu helps you to:

  • Automatically accept devices
    Devices will be accepted into the system with no manual interaction

  • Define the group devices will be inserted in:
    It is possible to define a specific group assignment for a specific key. All devices bootstrapping with that key will be assigned to the specific group.

  • Add multiple keys:
    It is possible to define multiple bootstrap keys. For example if different producers create the original system image.

  • Revoke bootstrap keys
    It is possible to revoke any bootstrap key. Devices that have bootstrapped already are in no way impacted by this. New devices that bootstrap with this key will be rejected.