aws / aws-iot-device-sdk-python-v2

Next generation AWS IoT Client SDK for Python using the AWS Common Runtime
Apache License 2.0
408 stars 213 forks source link

Fleet Provisioning - Persist certificate and key to file #279

Closed doronbl closed 2 years ago

doronbl commented 2 years ago

I'm trying to create automation for provisioning IoT device using fleetprovisioning.py. After fleetprovisioning.py finish running, I need to go to the logs in order to extract the cert and key and save them to files. Only then I can run pubsub or shadow sumple code,

I would like the permanent device certificate and private key aquired during fleet provisioning to be persisted to disk in a location controlled by script parameters.

I've considered to grep|awk|sed the log file, but this is not a trivial task. The minimum at least is to print the new cert and keys in JSON format, so I can grep the line, and than use jq to parse it. This will allow me easier way to persist the data to disk using Linux command line tools.

current data printed to stderr: Received a new message awsiot.iotidentity.CreateKeysAndCertificateResponse(certificate_id='', certificate_ownership_token='', certificate_pem='', private_key='')

bretambrose commented 2 years ago

I would strongly recommend not ever logging that kind of data as a normal course of action. Is something preventing you from taking the response and writing the appropriate fields to disk in any way you'd like to?

github-actions[bot] commented 2 years ago

Greetings! It looks like this issue hasn’t been active in longer than a week. We encourage you to check if this is still an issue in the latest release. Because it has been longer than a week since the last update on this, and in the absence of more information, we will be closing this issue soon. If you find that this is still a problem, please feel free to provide a comment or add an upvote to prevent automatic closure, or if the issue is already closed, please feel free to open a new one.

doronbl commented 2 years ago

Well, today the data is printed (to stderr). My suggestion is to persist it to files. Yes, I can edit the code and do it myself, but I think the FleetProvisioning demo should close the loop by persisting the permanent certifivcate & key to disk, rather than printing it to stderr. If you will look at Device Client FleetProvisioning, their sample code do persist the cert & key to disk. I see no reason why the Python SDK sample shouldn't do the same.

jmklix commented 2 years ago

Thanks for the suggestion, but this isn't something that we feel is necessary to add to the FleetProvisioning sample. If you need help writing the response to disk please let me know.

github-actions[bot] commented 2 years ago

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.