Synpse
🤖 Devices⚡ ApplicationsTry Synpse!
  • Intro to Synpse
  • Start here
    • Quick Start (web user)
    • Quick Start (CLI)
  • Agent
    • Install
      • Raspberry Pi
      • Linux (Docker)
      • MacOS
      • NVIDIA Jetson
      • Headless (Ubuntu)
      • BeagleBoard AI
      • Bulk Provisioning
      • 🪄Beta - Universal Synpse image
      • Containerized agent
      • Configuration
    • Uninstall
  • CLI
    • Install & Usage
  • synpse core
    • Devices
      • Device Provisioning
      • HTTPS Tunnel Access
      • SSH Access
      • Device Labels
      • Environment Variables
      • Proxy Application Ports
      • OS & Architectures
      • Operations
      • Device API
    • Applications
      • Deploy
      • Secrets
      • Environment variables
      • Substitution (dynamic templates)
      • Volumes
      • Networking
      • Scheduling
      • Registry authentication
      • Using GPUs
      • Tips & Tricks
      • Logs and status
      • Application specification (API reference)
    • Account
      • Personal Access Tokens
      • Service (Robot) Accounts
      • Teams (Share Devices)
    • Monitoring (beta)
      • Device Monitoring
      • Application Monitoring
  • Manage
    • Projects
    • Namespaces
    • Quotas
  • Examples
    • 🏠Home Automation
      • Gladys Assistant
      • Home Assistant
    • 🛠️Preparing OS Images
      • Synpse CLI Builder
      • Build a custom Raspberry Pi image
      • Cloud-init (advanced)
    • 💡Dynamic Templates
    • ☁️Public Cloud IoT
      • AWS IoT Core
      • Azure IoT Hub
      • GCP IoT Core
    • 🚀Device management
      • VNC to remove devices
      • Ansible
  • On-prem Deployment
    • 🐳Docker Compose
    • 🌤️kubernetes
  • Resources
    • API Documentation
    • Deployment patterns
    • Security & Tech
Powered by GitBook
On this page
  • Secure Transport
  • Registration Tokens
  • Device Access Tokens
  • Service Accounts
  • Roles and Project Memberships (RBAC)

Was this helpful?

  1. Resources

Security & Tech

This section describes security measures that the Synpse system utilizes.

Synpse is secure by default. We use up-to-date standards and tools to provide a secure platform to manage your devices.

Secure Transport

All communications between Synpse agents, CLI and API are encrypted by default (HTTPS/TLS) and cannot be accessed without encryption.

Registration Tokens

In order to join your project, devices are using registration tokens that can be revoked after provisioning or limit how many devices can register using it. This allows you to:

  • Once you provision your devices, safely remove the token without any impact to already registered devices.

  • If you have 50 devices to provision, create a registration token with a limit of 50 devices.

Device Access Tokens

Device access tokens are issued directly to devices during the device registration. They are a lot more limited compared to regular service accounts as device access token can only:

  • Get a bundle of applications that it must be running

  • Update its status to the controller

If your device is compromised, just remove the device access token at any time and it will need to re-register.

Currently re-registration involves setting up device again. In the future we will allow re-use of registration token if user chooses to to automatically re-register the device

Service Accounts

Service accounts can be created for CI/CD systems, CLI or API sdk. These service accounts can utilize project roles the same way as regular users, however they are tied to a single project.

Roles and Project Memberships (RBAC)

Each user, when joining a project needs to be assigned a role to start using the product. Roles control every aspect of the system, from application viewing, editing, secret management, to device provisioning. Roles can be mixed and matched.

PreviousDeployment patterns

Last updated 4 years ago

Was this helpful?