Set up recipe signing with Sign & Encrypt
Introduction
When System Software Updates (SOUP) is integrated with Sign & Encrypt (S&E), a signature for the recipe file is created automatically when the recipe is promoted from draft status.
Prerequisite
Your System Software Updates subscription must be connected to your Sign & Encrypt subscription by setting the S&E tenant ID in the SOUP tenant config.
Create an OAuth2 Client
Open the Access Control feature and navigate to OAuth2 Clients. You can either use the existing Extension_SystemSoftwareUpdate client that facilitates communication between Bosch IoT Rollouts and System Software Updates, or create a new client by clicking the + icon. Please refer to the following guide on how to Create new OAuth2 client.
Create an S&E Device Config
Open the Device Configurations feature in your S&E subscription. Click the + icon to add a new Device Configuration. Only name, access control, and signing key need to be configured. Ensure that users who promote recipes are included in the group with approve access (otherwise, you will need to create an ACL for them as well). Please refer to the following guide on how to Create a device configuration.
Create ACL Rules for the OAuth2 Client
Navigate to the Access Control List feature in your S&E subscription. Add two new entries providing USE and VIEW access for the OAuth2 Client. Please refer to the following guide on how to Create an ACL rule.
Subject type: CLIENT
Subject: <Client_ID>
Resource type: DEVICE_CONFIG
Resource: <Recipe signing device config>
Action: USE (first entry), VIEW (second entry)
Update Recipe Type Configuration
Finally, go to the Recipe Type List, select the recipe type you want to create signatures for, then click on the icon to edit it.
Select the newly created device configuration from the list below and click OK.