Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
d
David Gagliardi
05/21/2019, 8:30 PMTIL: Enroll secrets change over time
z
zwass
05/22/2019, 1:31 AMEnroll secrets can change over time but currently I don't think there is a mechanism in Fleet that would do so automatically.
d
David Gagliardi
05/22/2019, 4:29 PMfascinating... would a restart of the fleet service induce that perhaps? I guess I can experiment and report back here
well, a restart did not change it... I'll go back a look over previous enroll_secret's from past hosts I've installed.
z
zwass
05/22/2019, 5:03 PMThe enroll secret is stored in the DB and shouldn’t change
d
David Gagliardi
05/22/2019, 5:30 PMcrazy town, but i have an enroll secret for the fleet server itself and my mac that are quite different... i don't think it's worth a witch hunt over, I'm a very new user to fleet and osquery itself, so I'm going to err on the side of I did something wrong.
I'll continue to keep an eye for it though now that I know the intended behavior
z
zwass
05/22/2019, 6:07 PMIt's possible you enrolled the mac with the Fleet enroll secret and subsequently changed the enroll secret on the mac. The changed secret wouldn't be used unless the mac was deleted in Fleet and had to re-enroll.
Because the individual node provides the enroll secret to Fleet which returns a node key that is used for further authentication.