This repository has been archived by the owner on Sep 16, 2022. It is now read-only.
Business case
You are relying on a service that requires you to use API keys. As such, you're required to store this API key on your devices in order to auth against this service. What happens if this key leaks and you need to rotate it on all your devices? This probably requires rolling out a firmware update. What if you could remove the API key and manage this centrally, and simply read the API key through the WoTT agent?
Technical details
Back-end
We need a new section in the dashboard that will allow users to upload key-value pairs in the user interface. For instance, you could create the key FOO_USERNAME with the value sup3rs3cr3tp@ssw0rd.
This will then be accessible from the agent (more about that below).
Client
With the implementation of agent#35, we have two options to expose the secrets to other services:
- Serving the secrets using an API (e.g. a JSON API that exposes the secrets). This can either be a socket or a TCP service.
- Writing the secrets in JSON format to a file on disk (this wouldn't require agent#35), which is then locked down with file permissions ( <---- This is what we will start with )
Because we expect that the internet connection can be down, it is important that we cache these credentials.
Permission structure
For the MVP, we will ignore the permission structure. Later on, I would suggest that we introduce 'tags' and allow devices to be tagged with one or more tags. You would then simply expose a secret to a given tag.
vpetersson changed the title from "Create MVP for credentials manager (tl;dr set keys in dashboard that can be read and cached on the device)." to "Create MVP for credentials manager" on Mar 26, 2019
tl;dr Vault, but for IoT.