Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
n
Norberto Garcia Marin
08/13/2020, 10:22 AMHello, I’m trying to set up the GCP pub/sub with Kolide and I’m using a service account to grant permissions to be able to publish logs. Therefore, I’m using a json containing the service account key. I wonder if kolide has any mechanism to handle key rotations, or I have to take into consideration this situation by other means
s
sundsta
08/13/2020, 2:42 PMThat’s outside of the scope of Fleet. If you want to rotate that key, you have to generate a new key for the service account, update the Fleet config, and then revoke the old key.
That said, there isn’t any need to rotate the key unless you have reason to believe its compromised.
Also, since you’re running in GCP it’s better to just have Fleet run under the service account’s identity, that way you don’t need to pass it a JSON key
n
Norberto Garcia Marin
08/14/2020, 7:08 AMThanks, I tried that last thing and It’s working!