And if it doesn t does the enrollment secret provide enough

Question

And if it doesn t does the enrollment secret provide enough security to connect fleet and hosts on an untrusted network

zwass · Answer

There is no support currently You could front the Fleet server with a proxy that does mTLS

zwass · Answer

I d also be happy to do a consulting engagement to add this

zwass · Answer

Most folks consider enroll secret + node keys to be sufficient

sundsta · Answer

If anything I m very interested if any rogue hosts enroll in my Fleet

stefanmaerz · Answer

Im curious what would a rogue osquery host do when attached to Fleet

grant seltzer · Answer

Pretend to be a host that they re not

grant seltzer · Answer

but yea I don t think it s the biggest worry in the world was just curious

stefanmaerz · Answer

^^^That makes sense Take offline the legit host and stand up a bad one that shows nothing is wrong