(CLI) ziti edge create identity --help

❯ ./ziti version
NAME            VERSION
ziti            v0.25.6
ziti-controller not installed
ziti-fabric     v0.0.0
ziti-prox-c     not installed
ziti-router     not installed
ziti-tunnel     not installed

An err occurred: command failed 'ziti-edge-tunnel version': /lib/ld-linux-armhf.so.3: No such file or directory exit status 255

❯ ./ziti edge create identity --help
creates a new identity managed by the Ziti Edge Controller

Usage:
  ziti edge create identity [command]

Available Commands:
  device      creates a new device identity managed by the Ziti Edge Controller
  service     creates a new service identity managed by the Ziti Edge Controller
  user        creates a new user identity managed by the Ziti Edge Controller

Flags:
  -h, --help   help for identity

Use "ziti edge create identity [command] --help" for more information about a command.

What’s the difference between the three types of identities I can create: device, service, user?

My guess is that

  • device is the common type where an identity is based on a certificate and installed permanently on a device
  • service identity is a placeholder identifier but the actual identity (private key, etc.) is issued by a 3rd party like SPIRE or an IdP
  • user is a password-based or multi-factor identity optimized for human interactive use cases

What boundary conditions will I encounter if I choose one type over the other, and can I change the type after I create it?

"nothing". they are just designations you can assign to identities.