This section describes security measures that the Synpse system utilizes.
Synpse is secure by default. We use up-to-date standards and tools to provide a secure platform to manage your devices.
All communications between Synpse agents, CLI and API are encrypted by default (HTTPS/TLS) and cannot be accessed without encryption.
In order to join your project, devices are using registration tokens that can be revoked after provisioning or limit how many devices can register using it. This allows you to:
Once you provision your devices, safely remove the token without any impact to already registered devices.
If you have 50 devices to provision, create a registration token with a limit of 50 devices.
Device Access Tokens
Device access tokens are issued directly to devices during the device registration. They are a lot more limited compared to regular service accounts as device access token can only:
Get a bundle of applications that it must be running
Update its status to the controller
If your device is compromised, just remove the device access token at any time and it will need to re-register.
Currently re-registration involves setting up device again. In the future we will allow re-use of registration token if user chooses to to automatically re-register the device
Service accounts can be created for CI/CD systems, CLI or API sdk. These service accounts can utilize project roles the same way as regular users, however they are tied to a single project.
Roles and Project Memberships (RBAC)
Each user, when joining a project needs to be assigned a role to start using the product. Roles control every aspect of the system, from application viewing, editing, secret management, to device provisioning. Roles can be mixed and matched.