Enrollment codes
Short codes the blank installer uses to resolve "which customer does this Mac belong to?" at install time.
Generate a new code
| Code | Customer | Created | Expires | Uses | Status | |
|---|---|---|---|---|---|---|
| No codes issued yet. Generate one above. | ||||||
How the blank installer uses these:
- User runs the blank
reignzero-agent-blank.pkg - Bootstrap script prompts: "Enter your Reign Zero enrollment code"
- Script hits
GET agent.$DOMAIN/enroll/code/<CODE>.json - Server responds with
customer_slug+enroll_secret(and decrements use count) - Script enrolls the Mac into that customer's MDM
Security: the public lookup endpoint is rate-limited at the Caddy layer. Codes are stored in a local sqlite DB at /certs-data/enrollment.sqlite. Every lookup (success or failure) is audited with the caller's IP.