Title
#kolide
n

Norberto Garcia Marin

08/13/2020, 10:22 AM
Hello, I’m trying to set up the GCP pub/sub with Kolide and I’m using a service account to grant permissions to be able to publish logs. Therefore, I’m using a json containing the service account key. I wonder if kolide has any mechanism to handle key rotations, or I have to take into consideration this situation by other means
sundsta

sundsta

08/13/2020, 2:42 PM
That’s outside of the scope of Fleet. If you want to rotate that key, you have to generate a new key for the service account, update the Fleet config, and then revoke the old key.
2:43 PM
That said, there isn’t any need to rotate the key unless you have reason to believe its compromised.
2:47 PM
Also, since you’re running in GCP it’s better to just have Fleet run under the service account’s identity, that way you don’t need to pass it a JSON key
n

Norberto Garcia Marin

08/14/2020, 7:08 AM
Thanks, I tried that last thing and It’s working!