Hello, I’m trying to set up GCP Pub/Sub with Kolide and I’m using a service account to grant permissions to be able to publish logs. Therefore, I’m using a JSON file containing the service account key. I wonder if Kolide has any mechanism to handle key rotations, or if I have to take this situation into consideration by other means.
08/13/2020, 2:42 PM
That’s outside of the scope of Fleet. If you want to rotate that key, you have to generate a new key for the service account, update the Fleet config, and then revoke the old key.
That said, there isn’t any need to rotate the key unless you have reason to believe it’s compromised.
Also, since you’re running in GCP, it’s better to just have Fleet run under the service account’s identity; that way you don’t need to pass it a JSON key.