Hello, I’m trying to set up GCP Pub/Sub with Kolide, and I’m using a service account to grant permissions to be able to publish logs. Therefore, I’m using a JSON file containing the service account key. I wonder if Kolide has any mechanism to handle key rotations, or if I have to take this situation into consideration by other means.
sundsta
08/13/2020, 2:42 PM
That’s outside of the scope of Fleet. If you want to rotate that key, you have to generate a new key for the service account, update the Fleet config, and then revoke the old key.
sundsta
08/13/2020, 2:43 PM
That said, there isn’t any need to rotate the key unless you have reason to believe it’s compromised.
sundsta
08/13/2020, 2:47 PM
Also, since you’re running in GCP, it’s better to just have Fleet run under the service account’s identity; that way you don’t need to pass it a JSON key.