Attributes
Attributes play a key role in how devices are tracked and managed. They provide detailed information about a device’s hardware and software, allow administrators to configure devices remotely, and help in organizing devices for management tasks. Attributes also facilitate auditing and device updates by ensuring that you are viewing an up-to-date snapshot of each device’s status and configuration in Device Trust Manager.
Device Trust Manager supports the following attribute types:
Inventory attributes
Identity attributes
Custom inventory attributes
Desired attributes
At a glance: attribute types comparison
The following table summarizes the key characteristics of each attribute type:
Attribute type | Definition | Used in certificate management policy | Value handling |
---|---|---|---|
Inventory attributes | Default device properties collected by TrustEdge agent. | Yes | Reported by the agent; can be overridden via |
Identity attributes | Selected inventory attributes used to uniquely identify a device. | Yes | Immutable after device registration; do not change over the device's lifetime. |
Custom inventory attributes | User-defined attributes beyond the default inventory list. | Yes | Defined and managed via |
Desired attributes | Key/value pairs defined in Device Trust Manager and delivered to devices for configuration purposes. | No | Defined in Device Trust Manager; delivered to devices when they connect to the Rendezvous service. |
Inventory attributes
Inventory attributes are default properties automatically collected by TrustEdge agent on the device. These attributes provide information about the device's hardware and software configurations. TrustEdge agent periodically collects and reports these attributes to Device Trust Manager, overriding any existing values.
Common inventory attributes include:
MAC address
Serial number
Hardware model
Location
Operating system
Operating system version
IP address
CPU ID
Tip
You can override the reported values by editing the attributes.json file located at /etc/digicert/conf/ on the device.
Identity attributes
Identity attributes are specific inventory attributes designated to uniquely identify a device within your fleet. By default, the MAC address is used, but you can change this to other attributes like IP address or CPU ID. A device's identity attribute must be unique across your fleet to ensure reliable device identification and management.
If a single attribute isn't sufficient to ensure uniqueness—perhaps due to devices sharing similar hardware—you can combine up to three attributes to form a composite identity. This composite identity must be unique across your entire fleet to prevent identification conflicts and maintain consistent device recognition. For example, you could combine MAC address + IP address + CPU ID to create a unique identity attribute.
Once set, identity attributes do not change over the device's lifetime. This immutability ensures consistent device recognition even after hardware changes, such as replacing a network interface card.
Important
Once identity attributes are set, they remain fixed for the lifetime of the device, even if hardware components are replaced. This ensures reliable device identification even when performing hardware replacements, such as swapping out a network interface card.
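Because the identity is fixed after registration, it is worth checking a candidate identity against the fleet's inventory before committing to it. The following is an added example, not DigiCert code: it reports which devices would collide under a chosen identity and finds the smallest combination (up to three attributes) that is unique and present on every device. The inventory records and key names (`mac_address`, `ip_address`, `cpu_id`, `hardware_model`) are constructed for illustration and are not the TrustEdge schema.

```python
from collections import defaultdict
from itertools import combinations

MAX_IDENTITY_ATTRS = 3  # the page allows combining up to three attributes

# Constructed sample inventory; key names are hypothetical, not TrustEdge's schema.
FLEET = [
    {"name": "gw-01", "mac_address": "02:00:00:00:00:01", "ip_address": "10.0.0.5", "cpu_id": "A1", "hardware_model": "EdgeBox-2"},
    {"name": "gw-02", "mac_address": "02:00:00:00:00:01", "ip_address": "10.0.0.6", "cpu_id": "A1", "hardware_model": "EdgeBox-2"},
    {"name": "gw-03", "mac_address": "02:00:00:00:00:03", "ip_address": "10.0.0.5", "cpu_id": "B7", "hardware_model": "EdgeBox-2"},
    {"name": "gw-04", "mac_address": "02:00:00:00:00:04", "ip_address": "10.0.0.8", "cpu_id": "", "hardware_model": "EdgeBox-2"},
]


def identity_collisions(fleet, attrs):
    """Return (dupes, missing): identities shared by more than one device,
    and the names of devices lacking a value for any chosen attribute."""
    if not 1 <= len(attrs) <= MAX_IDENTITY_ATTRS:
        raise ValueError("identity must use 1 to 3 attributes")
    seen, missing = defaultdict(list), []
    for dev in fleet:
        # Normalise so "AA:BB" and "aa:bb " are treated as the same value.
        values = tuple(str(dev.get(a, "")).strip().lower() for a in attrs)
        if not all(values):
            missing.append(dev["name"])
            continue
        seen[values].append(dev["name"])
    dupes = {k: v for k, v in seen.items() if len(v) > 1}
    return dupes, missing


def smallest_unique_identity(fleet, candidates):
    """Return the smallest attribute combination that is unique across the
    fleet and populated on every device, or None if no such combination exists."""
    for size in range(1, MAX_IDENTITY_ATTRS + 1):
        for attrs in combinations(candidates, size):
            dupes, missing = identity_collisions(fleet, attrs)
            if not dupes and not missing:
                return attrs
    return None


if __name__ == "__main__":
    print(identity_collisions(FLEET, ["mac_address"]))
    print(smallest_unique_identity(FLEET, ["mac_address", "ip_address", "cpu_id"]))
```

In the sample fleet no single attribute is sufficient (two devices share a MAC address, two share an IP address, one has no CPU ID), so the check falls back to a two-attribute composite.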
Custom inventory attributes
Custom inventory attributes allow you to define additional properties beyond the default inventory attributes. By configuring the TrustEdge file /etc/digicert/conf/attributes.json on the device, you can specify custom keys and variable values. These values can be dynamically obtained through environment variables or custom scripts. TrustEdge periodically discovers and reports these custom attributes to Device Trust Manager.
Desired attributes
Desired attributes are key/value pairs defined in Device Trust Manager and delivered to devices to provide additional configuration information.
Defined at the device group level, all devices within a device group receive these attributes when TrustEdge agent connects to Device Trust Manager Rendezvous Service (RZ). Desired attributes are useful for distributing settings like URL endpoints or operational parameters.
The cyber twin concept
The combination of inventory attributes, desired attributes, and any deployed artifacts forms the device's cyber twin. This digital representation enables comprehensive device management and operational efficiency.
Using attributes in certificate management
Attributes play a role in certificate management policies. Inventory, identity, and custom inventory attributes can be embedded into certificates, aiding in secure device authentication and communication.
Best practices for managing attributes
Ensure uniqueness of identity attributes: Select identity attributes that uniquely identify each device to prevent conflicts.
Maintain immutability: Avoid changing identity attributes after device registration to preserve consistent device identities.
Use custom attributes wisely: Use custom inventory attributes to capture additional device information relevant to your organization's needs.
Leverage desired attributes for group configurations: Use desired attributes to efficiently manage settings across device groups.