# fleet

Dan Achin

11/18/2020, 10:04 PM
Hi. Can anyone tell me if the enroll_secret is presented by the client only when it initially enrolls with Fleet, or does it present it at other times like check-ins / posting data / etc?

zwass

11/18/2020, 10:12 PM
Only at first check in. Later the host presents its unique "node key".
🙏 1

Dan Achin

11/18/2020, 10:13 PM
OK, thanks much. Would first check-in include service restart?
We're trying to assess how difficult it would be to rotate that enroll_secret as part of our standard security practices. If we only use it at first check-in, that makes it easier to rotate. 🙂

seph

11/19/2020, 3:43 AM
No, not a service restart.
It is presented when, and only when, there is no node key.
Node keys are stored in the local database directory.
👍 1

zwass

11/19/2020, 5:00 PM
Rotating the enroll secret is especially easy since you can have multiple valid secrets at once. But the enroll secret is rarely used anyway.
👍 1

Dan Achin

11/19/2020, 8:14 PM
Awesome, thanks!