Hello, I’m trying to set up the GCP pub/sub with K...
# koliden
Norberto Garcia Marin
08/13/2020, 10:22 AMHello, I’m trying to set up the GCP pub/sub with Kolide and I’m using a service account to grant permissions to be able to publish logs. Therefore, I’m using a json containing the service account key. I wonder if kolide has any mechanism to handle key rotations, or I have to take into consideration this situation by other means
s
sundsta
08/13/2020, 2:42 PMThat’s outside of the scope of Fleet. If you want to rotate that key, you have to generate a new key for the service account, update the Fleet config, and then revoke the old key.
sundsta
08/13/2020, 2:43 PMThat said, there isn’t any need to rotate the key unless you have reason to believe its compromised.
sundsta
08/13/2020, 2:47 PMAlso, since you’re running in GCP it’s better to just have Fleet run under the service account’s identity, that way you don’t need to pass it a JSON key
n
Norberto Garcia Marin
08/14/2020, 7:08 AMThanks, I tried that last thing and It’s working!
2 Views