I would like to automate the process of ‘etching’ devices as much as possible. As I see it, the only step that I can not automate is to plug in the SD card into a computer. And when doing this, I don’t want the person to flash the image to need admin rights on my balena fleet…
As far as I understand it, I just need to prepare a config.json (containing especially the device uuid, the fleet and an api key). Why does the balena os configure command still require a login?
While it’s not expected that the user would need admin rights, they do need some level of access. The reason is that the command is gaining access to an image you’ve added to your Fleet, and we wouldn’t want someone other than people you’ve authorized to have access to those images.
By ‘image’ you mean docker images? I guess the part I don’t understand is why this command needs that? Does this command not just put the ‘config.json’ into the ‘.img’?
Apologies for the late reply, somehow the ping didn’t reach me!
It is true that the config.json itself may not be a concern for most people from a privileges perspective, our CLI is mapped to Member Type privileges the same way balenaCloud is, so this is just a CLI extension of the same privileges you’ve given to various members otherwise. Account management - Balena Documentation
That said, if you don’t want this person to need a balenaCloud account at all, you could just give them the image once, and they could flash it to as many devices as you want. The way you have it setup, you’re not preloading with a UUID, so the image you’ve created will work with any devices, and on first-boot they will be given their UUID, etc. as part of their initiation with balenaCloud.
Let me know if that helps you make the process a bit smoother! I’m happy to help come up with other ideas if that one doesn’t work out.