Quickstart: Create DPS enrollments using Python service SDK

Article
03/31/2023

In this quickstart, you programmatically create an individual device enrollment in the Azure IoT Hub Device Provisioning Service (DPS). The Python Provisioning Service SDK will be used to create the enrollment.

Prerequisites

Completion of Set up the IoT Hub Device Provisioning Service with the Azure portal.
An Azure account with an active subscription. Create a trial subscription.
Python 2.x or 3.x. This quickstart installs the Python Provisioning Service SDK below.
Pip, if not included with your distribution of Python.
Endorsement key. Use the steps in Create and provision a simulated device or use the endorsement key supplied with the SDK, described below.

Important

This article only applies to the deprecated V1 Python SDK. Device and service clients for the IoT Hub Device Provisioning Service are not yet available in V2. The team is currently hard at work to bring V2 to feature parity.

Prepare the environment

Download and install Python 2.x or 3.x. Make sure to use the 32-bit or 64-bit installation as required by your setup. When prompted during the installation, make sure to add Python to your platform-specific environment variables.
For the Python Provisioning Service SDK, choose one of the following options:
- Build and compile the Azure IoT Python SDK. Follow these instructions to build the Python packages. If you are using Windows OS, then also install Visual C++ redistributable package to allow the use of native DLLs from Python.
- Install or upgrade pip, the Python package management system and install the package via the following command:
```
pip install azure-iothub-provisioningserviceclient
```
This topic demonstrates both symmetric key and TPM enrollments from the tabs below.
- Symmetric Key
For symmetric key device enrollments, you need a primary and secondary key for your device. If you don't have a valid symmetric key, you can use the following example keys for this example:

Primary Symmetric key
```
UmorGiEVPNIQuaWGXXbe8v9gWayS7XtOZmNMo6DEaEXP65GvhuK3OeRf8RVZ9BymBCHxNg3oRTey0pUHUwwYKQ==
```
Secondary Symmetric key
```
Zx8/eE7PUBmnouB1qlNQxI7fcQ2HbJX+y96F1uCVQvDj88jFL+q6L9YWLLi4jqTmkRPOulHlSbSv2uFgj4vKtw==
```

Modify the Python sample code

This section shows how to add the provisioning details of your individual enrollment to the sample code.

Using a text editor, create a new Enrollment.py file.
Add the following import statements and variables at the start of the Enrollment.py file. Then replace dpsConnectionString with your connection string found under Shared access policies in your Device Provisioning Service on the Azure portal. Replace key(s) for your device with the value noted previously in Prepare the environment. Finally, create a unique registrationid and be sure that it only consists of lower-case alphanumerics and hyphens.
- Symmetric Key
```
from provisioningserviceclient import ProvisioningServiceClient
from provisioningserviceclient.models import IndividualEnrollment, AttestationMechanism
from provisioningserviceclient.protocol.models import SymmetricKeyAttestation

CONNECTION_STRING = "Enter your DPS connection string"
PRIMARY_KEY = "Add a valid key"
SECONDARY_KEY = "Add a valid key"
REGISTRATION_ID = "Enter a registration ID"
```

Add the following function and function call to implement the creation of the individual enrollment:

Symmetric Key

def main():
    print ( "Starting individual enrollment..." )

    psc = ProvisioningServiceClient.create_from_connection_string(CONNECTION_STRING)

    symAtt = SymmetricKeyAttestation(primary_key=PRIMARY_KEY, secondary_key=SECONDARY_KEY)
    att = AttestationMechanism(type="symmetricKey", symmetric_key=symAtt)
    ie = IndividualEnrollment.create(REGISTRATION_ID, att)

    ie = psc.create_or_update(ie)

    print ( "Individual enrollment successful." )

if __name__ == '__main__':
    main()

Save and close the Enrollment.py file.

Run the sample to create an enrollment

Open a command prompt, and run the script.
```
python Enrollment.py
```
Observe the output for the successful enrollment.
Navigate to your provisioning service in the Azure portal. Select Manage enrollments. Notice that your device enrollment appears under the Individual Enrollments tab, with the name registrationid created earlier.

Clean up resources

If you plan to explore the Java service sample, do not clean up the resources created in this quickstart. If you do not plan to continue, use the following steps to delete all resources created by this quickstart.

Close the Python sample output window on your machine.
If you created a simulated TPM device, close the TPM simulator window.
Navigate to your Device Provisioning service in the Azure portal, select Manage enrollments, and then select the Individual Enrollments tab. Select the check box next to the Registration ID for the enrollment entry you created using this quickstart, and press the Delete button at the top of the pane.

Next steps

In this quickstart, you've programmatically created an individual enrollment entry for a device. To learn about device provisioning in depth, continue to the tutorial for the Device Provisioning Service setup in the Azure portal.

Azure IoT Hub Device Provisioning Service tutorials