Skip to main content

Attributes

Attributes play a key role in how devices are tracked and managed. They provide detailed information about a device’s hardware and software, allow administrators to configure devices remotely, and help in organizing devices for management tasks. Attributes also facilitate auditing and device updates by ensuring that you are viewing an up-to-date snapshot of each device’s status and configuration in Device Trust Manager.

Device Trust Manager supports the following attribute types:

At a glance: attribute types comparison

The following table summarizes the key characteristics of each attribute type:

tabel 1. Attribute type definitions and handling

Attribute type

Definition

Used in certificate management policy

Value handling

Inventory attributes

Default device properties collected by TrustEdge agent.

Yes

Reported by the agent; can be overridden via attributes.json.

Identity attributes

Selected inventory attributes used to uniquely identify a device.

Yes

Immutable after device registration; do not change over the device's lifetime.

Custom inventory attributes

User-defined attributes beyond the default inventory list.

Yes

Defined and managed via attributes.json; values are dynamically discovered and reported.

Desired attributes

Key/value pairs defined in Device Trust Manager and delivered to devices for configuration purposes.

No

Defined in Device Trust Manager; delivered to devices when they connect to the Rendezvous service.


Inventory attributes

Inventory attributes are default properties automatically collected by TrustEdge agent on the device. These attributes provide information about the device's hardware and software configurations. TrustEdge agent periodically collects and reports these attributes to Device Trust Manager, overriding any existing values.

Common inventory attributes include:

  • MAC address

  • Serial number

  • Hardware model

  • Location

  • Operating system

  • Operating system version

  • IP address

  • CPU ID

Tip

You can override the reported values by editing the attributes.json file located at /etc/digicert/conf/ on the device.

Identity attributes

Identity attributes are specific inventory attributes designated to uniquely identify a device within your fleet. By default, the MAC address is used, but you can change this to other attributes like IP address or CPU ID. A device's identity attribute must be unique across your fleet to ensure reliable device identification and management.

If a single attribute isn't sufficient to ensure uniqueness—perhaps due to devices sharing similar hardware—you can combine up to three attributes to form a composite identity. This composite identity must be unique across your entire fleet to prevent identification conflicts and maintain consistent device recognition. For example, you could combine MAC address + IP address + CPU ID to create a unique identity attribute.

Once set, identity attributes do not change over the device's lifetime. This immutability ensures consistent device recognition even after hardware changes, such as replacing a network interface card.

Belangrijk

Once identity attributes are set, they remain fixed for the lifetime of the device, even if hardware components are replaced. This ensures reliable device identification even when performing hardware replacements, such as swapping out a network interface card.

Custom inventory attributes

Custom inventory attributes allow you to define additional properties beyond the default inventory attributes. By configuring the TrustEdge file /etc/digicert/conf/attributes.json on the device, you can specify custom keys and variable values. These values can be dynamically obtained through environment variables or custom scripts. TrustEdge periodically discovers and reports these custom attributes to Device Trust Manager.

Desired attributes

Desired attributes are key/value pairs defined in Device Trust Manager and delivered to devices to provide additional configuration information.

Defined at the device group level, all devices within a device group receive these attributes when TrustEdge agent connects to Device Trust Manager Rendezvous Service (RZ). Desired attributes are useful for distributing settings like URL endpoints or operational parameters.

The cyber twin concept

The combination of inventory attributes, desired attributes, and any deployed artifacts forms the device's cyber twin. This digital representation enables comprehensive device management and operational efficiency.

Using attributes in certificate management

Attributes play a role in certificate management policies. Inventory, identity, and custom inventory attributes can be embedded into certificates, aiding in secure device authentication and communication.

Best practices for managing attributes

  • Ensure uniqueness of identity attributes: Select identity attributes that uniquely identify each device to prevent conflicts.

  • Maintain immutability: Avoid changing identity attributes after device registration to preserve consistent device identities.

  • Use custom attributes wisely: Use custom inventory attributes to capture additional device information relevant to your organization's needs.

  • Leverage desired attributes for group configurations: Use desired attributes to efficiently manage settings across device groups.