Are all keys stored on a device unique? Even the local SSH keys to the host OS?
If a device gets compromised, will other devices within an application become vulnerable somehow?
What should I expect if someone maliciously copies an SD card (from an already deployed device) and attaches it to another device? Will this prompt another device registration?
The secret keys on the devices are unique for every device.
If a device gets compromised, the secret API key grants access to the following:
- changing the device metadata
- reading metadata of the application associated with the device
- reading environment variables associated with the device
- reading environment variables for the application that is associated with the device
- reading build logs of the application associated with the device
But all secret keys on the device can be revoked by deleting the device in the dashboard.
If someone copies the SD card of a device and attaches it to another device, there will be no prompt for another device registration because the provisioning key is not available anymore on the device.
The only issue I can foresee here is the application build logs.
Those contain the whole procedure for building the Docker image, which is not something that should be easily compromised.
Can you consider opening an issue requesting access to the build logs to be restricted? I cannot think of a reason this access is actually needed. Of course, I might be wrong.
I believe the device key should only allow access to the minimum amount of information that is actually required. The developer has no control over it after the hardware ships, so it should be considered compromised from the get-go.