davide.ferrari

Reputation: 221

Why should I restore the keys in Azure Device Provisioning?

I'm using the service Device Provisioning for my Azure IoT solution.

I've created a group of registration with Symmetric key attestation.

From the guide: By default, the Device Provisioning Service creates new symmetric keys with a default length of 32 bytes. [...] The symmetric keys for group enrollments are not used directly by devices when provisioning. Instead devices that belong to an enrollment group provision using a derived device key.

In Azure Portal, at the top of the screen of this service I saw that there is a button: Restore Keys (the third button).

I have some questions about:

  1. Why should I restore/regenerate these keys?
  2. If I sold 1000 devices with device keys generated by the primary key, if I changed the primary key it would be impossible to register new devices. Do I have to provide a management system for these keys within the devices?

Thanks for the clarifications!

Upvotes: 0

Views: 119

Answers (1)

nberdy - MSFT

Reputation: 96

This looks like it might be a slight translation issue - in English it's "regenerate keys" and the button is used to generate a new key for key rotation purposes.

Upvotes: 0
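
How a derived device key depends on the group key, and what regenerating one key of the pair does to devices already in the field, as an added example (not part of the thread above and not Microsoft's code). It assumes the derivation documented for DPS group enrollments, HMAC-SHA256 over the registration ID keyed with the decoded group key; the keys, registration ID and the `key_still_valid` check are constructed for illustration and only model the service-side comparison.

```python
import base64
import hashlib
import hmac


def derive_device_key(group_key_b64: str, registration_id: str) -> str:
    """Base64(HMAC-SHA256(base64-decoded group key, registration ID))."""
    group_key = base64.b64decode(group_key_b64)
    mac = hmac.new(group_key, registration_id.encode("utf-8"), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode("ascii")


def constructed_key(fill: int) -> str:
    """Constructed 32-byte stand-in for a group key (not a real secret)."""
    return base64.b64encode(bytes([fill]) * 32).decode("ascii")


def key_still_valid(device_key: str, registration_id: str,
                    primary: str, secondary: str) -> bool:
    """Simplified model: the device key must match a key derived from
    either the current primary or the current secondary group key."""
    return any(
        hmac.compare_digest(device_key, derive_device_key(k, registration_id))
        for k in (primary, secondary)
    )


def rotation_demo() -> dict:
    reg_id = "device-001"                      # constructed registration ID
    primary, secondary = constructed_key(0x11), constructed_key(0x22)

    # Keys burned into devices at manufacturing time.
    from_primary = derive_device_key(primary, reg_id)
    from_secondary = derive_device_key(secondary, reg_id)
    before = key_still_valid(from_primary, reg_id, primary, secondary)

    # "Regenerate" the primary key only; the secondary is left untouched.
    primary = constructed_key(0x33)
    return {
        "before_rotation": before,
        "primary_derived_after": key_still_valid(from_primary, reg_id, primary, secondary),
        "secondary_derived_after": key_still_valid(from_secondary, reg_id, primary, secondary),
    }


if __name__ == "__main__":
    for name, ok in rotation_demo().items():
        print(f"{name}: {ok}")
```

In this model, a device whose key was derived from the regenerated group key stops matching, while one derived from the untouched key of the pair keeps working.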
