The Bootstrap Keys menu stores the authorization keys required to bootstrap remote edge devices into the qbee backend. This process authorizes the device to the qbee system within the correct group. Bootstrap keys can also be revoked to prevent additional device bootstrapping.
As part of the bootstrapping process, a private elliptic-curve cryptography (ECC) key is generated for each edge device. This key provides a unique identifier for the device and allows for management and blocking of devices if they are lost or behaving suspiciously. All subsequent qbee functions are encrypted using these keys.
Bootstrap keys are confidential
The keys are confidential and system specific. Do not share these
Automatically assign devices to groups
Different settings are provided. Devices can bootstrap to a group called "unassigned" and be moved from there into any specific group. Alternatively a specific bootstrap key can be generated for a group. That will move devices into this group automatically. This is very helpful in larger deployments.
Allow devices to be auto accpeted into the system
Decide if devices should be auto accepted into the system or manually through the pending devices tab.
Bootstrap kyes can be revoked
Keys can be deleted and thus revoked. This will not impacted device associations that have been bootstrapped with this key. However, new bootstrap attemps with that key will fail. Customers often use one specific key per badge and revoke that key after the batch production and use another one for the next batch.
Below is the bootstrap key menu showing multiple different keys:
This is the menu to edit the bootstrap key options:
The group selector allows to assign the key to a group.
In short this menu helps you to:
Automatically accept devices
Devices will be accepted into the system with no manual interaction
Define the group devices will be inserted in:
It is possible to define a specific group assignment for a specific key. All devices bootstrapping with that key will be assigned to the specific group.
Add multiple keys:
It is possible to define multiple bootstrap keys. For example if different producers create the original system image.
Revoke bootstrap keys
It is possible to revoke any bootstrap key. Devices that have bootstrapped already are in no way impacted by this. New devices that bootstrap with this key will be rejected.