mirror of
https://github.com/netbirdio/docs.git
synced 2026-04-28 21:36:37 +00:00
a8f91c38b1
* New Access Control and ReOrg * Enhance Access Control Documentation and Add New Resources - Updated `next.config.mjs` to include new redirects for access control documentation. - Added multiple images related to access control and endpoint detection and response. - Refactored links in various documentation files to point to the new access control structure. - Removed outdated documentation files and created new ones for managing access control and endpoint detection. - Introduced a new section for understanding posture checks and their implementation in access control. This commit aims to improve the organization and clarity of access control resources, aligning with the recent restructuring of documentation. * Remove outdated Intune MDM documentation and update links in access control resources. This commit enhances the organization of the documentation by eliminating obsolete files and ensuring all references to Microsoft Intune are correctly aligned with the new structure. * Fix typos in access control documentation for clarity and accuracy. Updated "Understnading" to "Understanding" and corrected "NerBird" to "NetBird" in relevant sections. * Fix typo in Access Control section * Fix formatting in posture checks documentation * Added a space in the Posture Checks reference for clarity.
97 lines
4.4 KiB
Plaintext
97 lines
4.4 KiB
Plaintext
|
|
# Use setup keys to run automated deployments and add machines to your network at scale
|
|
|
|
Setup key is a pre-authentication key that allows to register new machines in your network.
|
|
It simply associates a machine with an account on a first run.
|
|
|
|
## Related Video Content
|
|
For a comprehensive guide, part of our "Getting started with NetBird" video specifically covers setup keys:
|
|
<iframe width="560" height="315" src="https://www.youtube.com/embed/JRCZy4rLi-c?start=175" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>
|
|
|
|
The setup key can be provided as a parameter to the ```netbird up``` command.
|
|
This makes it possible to run automated deployments with infrastructure-as-code software like Ansible, Cloudformation or Terraform.
|
|
|
|
```bash {{ title: 'Starting NetBird Client' }}
|
|
sudo netbird up --setup-key <SETUP KEY>
|
|
```
|
|
|
|
## Types of setup keys
|
|
|
|
There are 2 types of setup keys:
|
|
* **One-off key**. This type of key can be used only once to authenticate a machine.
|
|
* **Reusable key**. This type of key can be used multiple times to authenticate machines.
|
|
|
|
## Ephemeral peers
|
|
|
|
You can create a setup key with the ephemeral peers option enabled.
|
|
Peers added with this key that later become offline for over 10 minutes will be removed automatically from the NetBird system.
|
|
|
|
This is useful when you want to add containers or auto scaling instances to your network.
|
|
|
|
## Using setup keys
|
|
|
|
Setup keys are available in the NetBird Management Dashboard under the `Setup Keys` tab [https://app.netbird.io/setup-keys](https://app.netbird.io/setup-keys).
|
|
You can easily add new or revoke keys.
|
|
|
|
<p>
|
|
<img src="/docs-static/img/how-to-guides/setup-keys.png" alt="high-level-dia" className="imagewrapper-big"/>
|
|
</p>
|
|
|
|
<Note>
|
|
When revoking a key, all machines authenticated with this key will remain connected to the network. The same logic applies when the key expires.
|
|
</Note>
|
|
|
|
## Expiration
|
|
|
|
You can set expiration when creating a key. When expired, the setup key can't be used anymore.
|
|
|
|
## Usage limit
|
|
|
|
By default, every reusable key has unlimited usage.
|
|
We recommend limiting the number of times the key can be used, e.g., set it to 30 if you need to enroll only 30 machines.
|
|
|
|
## Allow Extra DNS labels
|
|
|
|
You can create a setup key with the `Allow Extra DNS labels` option enabled.
|
|
When enabled, peers added using this key will be able to add extra DNS labels and with that other peers in the NetBird network can reach them with these labels.
|
|
|
|
If you add multiple peers with the same labels, they became part of a DNS round-robin group for the shared label. This is useful to access services running on multiple nodes.
|
|
|
|
## Peer Auto-grouping
|
|
|
|
|
|
NetBird offers a powerful [access control feature](/manage/access-control/manage-network-access) that allows easy access management of your resources.
|
|
In a basic scenario, you would create multiple groups of peers and create access rules to define what groups can access each other.
|
|
Adding peers to groups might become time-consuming in large networks with dozens of machines.
|
|
|
|
Starting NetBird [v0.9.2](https://github.com/netbirdio/netbird/releases), when creating or updating a setup key,
|
|
it is possible to specify a list of auto-assign groups. Every peer registered with this key will be automatically added
|
|
to these groups. All the access control rules enabled for these groups will apply automatically.
|
|
|
|
To add `Auto-assign groups`, open the `Setup Keys` tab and create or update any existing setup key.
|
|
Then use this key to enroll new machine.
|
|
|
|
<p>
|
|
<img src="/docs-static/img/architecture/netbird-peer-auto-tagging-newkey.png" alt="high-level-dia" className="imagewrapper"/>
|
|
</p>
|
|
|
|
<Note>
|
|
Auto-assign groups will apply only to newly registered machines.
|
|
</Note>
|
|
|
|
## Create setup key
|
|
|
|
Go to the `Setup Keys` tab and click the `Create Setup Key` button
|
|
In the opened popup, give your new key an easily identifiable name, choose type, set usage limit, and assign auto groups.
|
|
The defaults should be suitable for most of the cases. We recommend using one-off keys for security reasons.
|
|
|
|
<p>
|
|
<img src="/docs-static/img/how-to-guides/add-setup-key.png" alt="high-level-dia" className="imagewrapper"/>
|
|
</p>
|
|
|
|
After your key has been successfully created, copy and store it in a secure location.
|
|
|
|
<p>
|
|
<img src="/docs-static/img/how-to-guides/setup-key-created.png" alt="high-level-dia" className="imagewrapper"/>
|
|
</p>
|