Policy: Turbot > Workspace > osquery > Secrets

The JWT is signed by Turbot using a secret from osquery > Secrets, as set by this policy. This ensures that forged tokens cannot be generated or used.

Turbot sets this policy on installation to a complex password unique to your workspace. This is a secure, effective default.

To ensure secrets work, even during rotation, this policy is defined as an array. The first item is the current secret and is used to sign all newly issued tokens. Other secrets in the array are used for verifying existing tokens only.

osquery Secrets are generally either distributed manually, making them difficult to rotate, or managed by Turbot (e.g. with Stacks) and automatically rotated per the Turbot > Workspace > osquery Secrets > Rotation policy.

If you wish or need to rotate this secret manually, you should:

1. Add a new secret as the first item in the array, leaving existing secrets below.
2. Update the policy to remove old secrets that are no longer valid.

This policy defines a list of objects, including creation, expiration and active information for each secret. For example:

    [
      {
        "secret": "E!TJ8x4!P15ic=DN",
        "created": "2020-07-28T21:32:27.537Z",
        "expiration": "2021-03-31T00:00:00.000Z",
        "isActive": true
      }
    ]
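The rotation behaviour described above (sign with the first array entry, verify against every entry), walked through both manual rotation steps. This is an added illustration, not Turbot's code: the HS256 algorithm, the function names and the secret values are assumptions constructed for the example.

```python
import base64, hashlib, hmac, json

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(secret: str, signing_input: str) -> bytes:
    digest = hmac.new(secret.encode(), signing_input.encode(), hashlib.sha256).digest()
    return _b64(digest).encode()

def issue(secrets: list, claims: dict) -> str:
    """Sign with the first array entry only: it is the current secret."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{_mac(secrets[0]['secret'], signing_input).decode()}"

def verify(secrets: list, token: str):
    """Return the index of the array entry that verifies the token, else None."""
    try:
        header, body, sig = token.split(".")
        alg = json.loads(base64.urlsafe_b64decode(header + "=" * (-len(header) % 4)))["alg"]
    except (ValueError, KeyError, TypeError):
        return None
    if alg != "HS256":  # pin the algorithm; never trust the header's choice
        return None
    for index, entry in enumerate(secrets):
        # Constant-time comparison of the expected and presented signatures.
        if hmac.compare_digest(_mac(entry["secret"], f"{header}.{body}"), sig.encode()):
            return index
    return None

def rotation_walkthrough() -> dict:
    # Constructed sample values, not real workspace secrets.
    old = {"secret": "constructed-old-secret", "isActive": True}
    new = {"secret": "constructed-new-secret", "isActive": True}
    legacy = issue([old], {"sub": "host-a"})   # token issued before rotation
    step1 = [new, old]   # step 1: new secret first, existing secrets below
    step2 = [new]        # step 2: old secret removed from the policy
    fresh = issue(step1, {"sub": "host-b"})
    forged = issue([{"secret": "constructed-unknown-secret"}], {"sub": "host-c"})
    return {
        "legacy_during_rotation": verify(step1, legacy),
        "fresh_during_rotation": verify(step1, fresh),
        "legacy_after_cleanup": verify(step2, legacy),
        "fresh_after_cleanup": verify(step2, fresh),
        "forged": verify(step1, forged),
    }
```

The walkthrough shows why step 2 should wait until every token signed with the old secret has been reissued: once the old entry is removed, those tokens stop verifying.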

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
array
Default
- secret: turbot
  isActive: false

Category

In Your Workspace

Developers