👋 Hi everyone! Can you please help me?
I am deploying osquery and Fleet integration for a new initiative at work. When establishing communication between osquery and Fleet, the osquery host needs the 'enrollsecret' file to register itself with the Fleet server.
From a security perspective, what are the repercussions if the secret file falls into the wrong hands? An immediate answer I could think of: someone else can also register an unintended host with Fleet, but that's just it. What else can go wrong?
We are trying to estimate the damage that can happen with the file being open in the repository at the moment.
FG
02/23/2024, 12:40 PM
Worst case I could think of is the rogue client receives your scheduled queries and they can then see your query logic. Whether or not your query content is secret likely makes this scenario bad or a nothing burger.
Kishan
03/05/2024, 1:32 PM
Hey @FG, thanks for the possibility-based reply! 🙂 Do you think just by having the secret, the bad guys can access the Fleet API or log in to the Fleet UI?
FG
03/06/2024, 2:22 PM
my understanding is that this secret is just to allow the client to handshake with fleet, and basically phone home, register with the server, and be pushed scheduled queries etc. It should now allow for API or UI access afaik.