Programmatically regenerate keys for group enrollments in Azure Device Provisioning Service (DPS)

Mirza Haad Baig 1 Reputation point
2023-01-10T10:53:26.737+00:00

I want to programmatically regenerate the symmetric keys (primary and secondary) in group enrollments of Azure DPS. There is an API provided by Azure at the link below. I used the API, but it returned 404 Not Found, and I could not figure out the reason. Link to the API: https://learn.microsoft.com/en-us/rest/api/iot-dps/service/enrollment-group

I also found a GitHub repo and was able to get the instance of an enrollment group by running it. Now I want a way to regenerate the keys for the current group, but there seems to be no function that would allow that. One way is to redo the attestation, which in turn will change the symmetric keys, but I have not found a way to do that yet. Link to the repo: https://github.com/Azure/azure-iot-sdk-csharp/blob/main/provisioning/service/src/ProvisioningServiceClient.cs

If anyone could help me, that would be great.


1 answer

  1. Dom 1,211 Reputation points Microsoft Employee
    2023-01-10T11:54:39.843+00:00

    There's no API specifically for regenerating group enrollment keys. However, you can use the CreateOrUpdateEnrollmentGroupAsync method to update an existing enrollment group, passing in a new set of keys. See: https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.devices.provisioning.service.provisioningserviceclient.createorupdateenrollmentgroupasync?view=azure-dotnet&viewFallbackFrom=azure-dotnet-preview

    You will need to generate your new symmetric keys to pass in as part of the EnrollmentGroup parameter.

    The following sample shows an example of using this method with an enrollment group that uses X.509 certs, but you should be able to easily modify it to use symmetric keys instead: https://github.com/Azure/azure-iot-sdk-csharp/tree/main/provisioning/service/samples/getting%20started/EnrollmentGroupSample
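
The approach described in the answer, as an added example that is not part of the original thread or the Azure SDK samples: it fetches the group, replaces its attestation with two freshly generated symmetric keys, and writes it back with CreateOrUpdateEnrollmentGroupAsync. The environment variable names, the 64-byte key length and the registration ID `sample-device-01` are assumptions. Devices in a symmetric-key group authenticate with a key derived from the group key, so every derived device key has to be re-issued after rotation.

```csharp
// Added example. Requires the Microsoft.Azure.Devices.Provisioning.Service NuGet package.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.Azure.Devices.Provisioning.Service;

public static class RotateGroupKeys
{
    // 64 random bytes from the OS CSPRNG, Base64-encoded (length is an assumption).
    static string NewKey()
    {
        var bytes = new byte[64];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return Convert.ToBase64String(bytes);
    }

    // Per-device key for a symmetric-key enrollment group:
    // Base64(HMAC-SHA256(group key, registration ID)).
    static string DeriveDeviceKey(string groupKey, string registrationId)
    {
        using (var hmac = new HMACSHA256(Convert.FromBase64String(groupKey)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.UTF8.GetBytes(registrationId)));
    }

    public static async Task Main()
    {
        // Assumed variable names; keep the connection string out of source control.
        string conn = Environment.GetEnvironmentVariable("DPS_CONNECTION_STRING");
        string groupId = Environment.GetEnvironmentVariable("DPS_ENROLLMENT_GROUP_ID");

        using (var client = ProvisioningServiceClient.CreateFromConnectionString(conn))
        {
            // Fetch first so the group's other settings are preserved on update.
            EnrollmentGroup group = await client.GetEnrollmentGroupAsync(groupId);

            string primary = NewKey();
            string secondary = NewKey();
            group.Attestation = new SymmetricKeyAttestation(primary, secondary);
            await client.CreateOrUpdateEnrollmentGroupAsync(group);

            // Keys derived from the old group keys stop working. Re-derive each
            // device key and deliver it over a secure channel; do not log it.
            string deviceKey = DeriveDeviceKey(primary, "sample-device-01");
            Console.WriteLine($"Rotated keys for '{groupId}'; re-issue derived device keys.");
        }
    }
}
```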