The next generation of IoT scenarios must consider security aspects as a first class component. As a core aspect, key management is crucial for the establishment of security associations between endpoints. According to it, in this work we propose a novel architecture of security association establishment based on bootstrapping technologies in order to manage the life-cycle of cryptographic keys in IoT. Based on our previous work, we propose a key derivation process by using a lightweight bootstrapping mechanism specifically designed for IoT. Then, the derived cryptographic material is used as an authentication credential of the EDHOC protocol, which represents a standardization effort for key agreement in IoT. EDHOC is an application layer alternative to the DTLS handshake, in order to provide end-to-end security properties even in the presence of intermediate entities, such as proxies. Evaluation results prove the feasibility of our approach, which represents one of the first efforts to consider application layer security approaches for the IoT.