Understanding that Particle doesn’t provide HTTPS/TLS (even the lighter-weight elliptic curve crypto), it seems we’re left with webhooks to hit configured AWS endpoints.
Security is a hugely important thing for our customers, as I am sure many of yours. I am wondering what documentation / best-practices are out there?
In our particular case, we just need to be able to pub/sub MQTT topics…
There’s a decent-looking (community) library for that available for Particle which is fine, but for the fact that it is looking for username/password…so I presume there’s a technique for not hard-coding these in firmware.
Irrespective of that hard-coding question, AWS requires a significantly more secure mechanism to be able to access MQTT topics within their IoT platform (that or I’m not aware of a less-secure mechanism).
I welcome insights and discussion!