is there any way to force a refresh of the node ke...
# tls
c
is there any way to force a refresh of the node key?
z
For a Fleet user I'd recommend deleting the host from Fleet -- that would cause a re-enrollment when the host next checks in and receives a `node_invalid` message.
I imagine there's some equivalent that could be done in any other TLS server implementation.
c
ah yeah we're not using fleet here (yet) :[
is the node key just `osquery.db/IDENTITY`?
s
This is relatively easy from the server. Less sure about the client. If you’re re-enrolling, do you need to keep any of the local state? (vs removing the entire database)
z
is the node key just osquery.db/IDENTITY?
I think probably not. The node key will be somewhere in the rocksdb database that I would expect to be opaque except when parsed by rocksdb.
c
thanks guys
{
  "node_invalid": false // Optional, return true to indicate re-enrollment.
}