Channels
  • clong

    clong

    7 months ago
    is there any way to force a refresh of the node key?
  • zwass

    zwass

    7 months ago
    For a Fleet user I'd recommend deleting the host from Fleet -- that would cause a re-enrollment when the host next checks in and receives a
    node_invalid
    message.
    I imagine there's some equivalent that could be done in any other TLS server implementation.
  • clong

    clong

    7 months ago
    ah yeah we're not using fleet here (yet) :[
    is the node key just
    osquery.db/IDENTITY
    ?
  • s

    seph

    7 months ago
    This is relatively easy from the server. Less sure about the client. If you’re re-enrolling, do you need to keep any of the local state? (vs removing the entire database)
  • zwass

    zwass

    7 months ago
    is the node key just osquery.db/IDENTITY? I think probably not. The node key will be somewhere in the rocksdb database that I would expect to be opaque except when parsed by rocksdb.
  • clong

    clong

    7 months ago
    thanks guys
  • Jams

    Jams

    7 months ago