-2

If the MQTT account is shared and fixed in the device, I am worried that the device will be cracked and the account will be leaked.

I am developing a Linux embedded device that uses MQTT communication. Currently the MQTT account is in the configuration file.

  • I'm not too familiar with AWS IoT, but my understanding is that you should generate a separate X.509 Certificate for each device. They then use the certificate to authenticate, without having any 'AWS Account' credentials. – John Rotenstein Feb 28 '22 at 05:06
  • Single account should work. But just for additional security, you can create separate policies with a different topic for each device. That will have a clean separation between device data along with security. – Mahesh Feb 28 '22 at 05:20
  • Is this an MQTT issue? Or is it an AWS or Azure issue? You wouldn't save your StackOverflow password on a post-it (or on a plain text file on your device), so don't do it for an IoT Device. Look into Hardware Security Modules and Trusted Platform Modules. I think the question in its current form is too broad and lacks details. – Matthijs van der Veer Feb 28 '22 at 07:53
  • AWS or Azure is just the tag – Rimuru Tempest Feb 28 '22 at 08:25
  • X.509 is a good choice – Rimuru Tempest Mar 01 '22 at 02:01
  • Please provide enough code so others can better understand or reproduce the problem. – Community Mar 01 '22 at 05:59

1 Answer

0

Thank you, John Rotenstein and Rimuru Tempest. Posting your discussions as an answer to help other community members.

Make sure to have an X.509 certificate for each device. Use this certificate to authenticate. This will help you remove the dependency on the account.

Madhuraj Vadde
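As an added example (not part of the original question, comments or answer), here is one way a Linux device could load the per-device X.509 identity suggested above, using only Python's standard `ssl` module. The function names and file paths are assumptions for illustration; the resulting context would be handed to whatever MQTT client library the device uses.

```python
import os
import ssl
import stat


def check_key_private(key_path):
    """Refuse a device private key that group or other users can access."""
    mode = stat.S_IMODE(os.stat(key_path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(
            f"{key_path} has mode {oct(mode)}; expected 0o600 or stricter"
        )


def device_tls_context(ca_path=None):
    """TLS context that verifies the broker's certificate and hostname.

    ca_path is the broker's CA bundle (hypothetical path supplied by the
    caller); None falls back to the system trust store.
    """
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def load_device_identity(ctx, cert_path, key_path):
    """Attach this device's own certificate and key for mutual TLS.

    Each device gets its own cert/key pair, so a key extracted from one
    device can be revoked without affecting the rest of the fleet.
    """
    check_key_private(key_path)  # fail before the key is ever parsed
    ctx.load_cert_chain(certfile=cert_path, keyfile=key_path)
    return ctx


if __name__ == "__main__":
    # Hypothetical provisioning paths; replace with the device's real ones.
    context = device_tls_context("/etc/device/broker-ca.pem")
    load_device_identity(context, "/etc/device/device.crt", "/etc/device/device.key")
```

A key stored as a file is still readable by anyone who gets root on the device; the file-mode check only guards against accidental exposure to other local users.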