Skip to content

This solution enables you to define a process to decouple manufacturing from the provisioning process while assuring that private secrets do not have the opportunity to be exposed at any point throughout supply chain, manufacturing, and on-boarding.

License

Notifications You must be signed in to change notification settings

aws-iot-builder-tools/iot-provisioning-secretfree

IoT Provisioning Secret-free

This solution enables you to define a process to decouple manufacturing from the provisioning process while assuring that private secrets do not have the opportunity to be exposed at any point throughout supply chain, manufacturing, and on-boarding.

Table of Contents

Where to Start

Managing the credential lifecycle from sunrise to sunset can be challenging. Identifying the approach early the product development lifecycle can reduce or completely eliminate credential delivery risk for when you go into production.

To quickly identify where to start, identify your goal. It will be one of the following.

  • Prototyping. I want to deploy the system to solution using a single AWS region. I do not know if I want AWS or ACM-PCA provisioning yet, so make it simple.

    Jump to Start Prototyping.

  • Prototyping. I want to prototype multi-region credential provisioning with control over the Certificate Authority issuing the certificate using a self-signed Certificate Authority.

    Jump to Start Multi Region Prototyping.

  • Production. I want to deploy the system for a specific region with AWS issuing the certificate.

    Jump to Start Single Region.

  • Production. I want to deploy the system at scale for single or multi-region with control over the Certificate Authority issuing the certificate.

    Jump to Start Multi Region Production.

After setting up, go to the Demonstrations section to experience the system from a host programming perspective.

Demonstration

The automation for deploying the code installs both ACM PCA and AWS IoT based issuance Lambdas. The API Gateway endpoint you invoke determines the issuer. If you will be using AWS IoT as the issuer, skip to the Test Data Load section.

License Summary

This sample code is made available under the MIT-0 license. See the LICENSE file.

About

This solution enables you to define a process to decouple manufacturing from the provisioning process while assuring that private secrets do not have the opportunity to be exposed at any point throughout supply chain, manufacturing, and on-boarding.

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •