[QUESTION] Documentation confusion about embedded AWS cert/key files (CA-350)

Question

[QUESTION] Documentation confusion about embedded AWS cert/key files (CA-350)

Opened this issue a month ago · 1 comments

Checklist

Checked the issue tracker for similar issues to ensure this is not a duplicate.
Provided a clear description of your suggestion.
Included any relevant context or examples.

Issue or Suggestion Description

The documentation here clearly says:

There is currently only one option for how to load the key & cert.

Embed the files into the app binary (default)

However, in fleet provisioning here, the directory spiffs_image/certs implies the certs can be external to the app and stored in NVS.

Which is correct? It would certainly be useful if we could store AWS IoT certs/keys in NVS and avoid directly embedding them in the binaries.

Thanks,
-T

Answer 1 · 2024-12-04T17:10:45.000Z

Hi @gamename
Thanks for pointing out the discrepancy in the documentation. We will fix that.
Examples do support another mean to provide certificates and key, as done in mqtt tls_mutual_auth example here.

Although examples only showcases couple of ways to read certificates and key, one can always use NVS or other partitions or SPIFFS to read the certificate into RAM and pass it off to mbedTLS.

Hope this helps.