
Policy: Turbot > Workspace > osquery > Secrets > Rotation

Check or Enforce that Turbot > Workspace > osquery > Secrets are being rotated per the Turbot > Workspace > osquery > Secrets > Expiration Period policy. For example, secrets must be rotated every year.

This policy is very useful when combined with Turbot's automatic management of event handlers across cloud providers.

If your organization requires continuous rotation of secrets, then use Turbot automation combined with Enforce: Rotate osquery secret.

A common (and practical) policy position is having the ability to rotate secrets when required - as opposed to continuously rotating them. In that case you could set this policy to Check combined with an expiration period of Never.

Resource Types

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Controls

Policy Specification

Schema Type
string
Valid Values [YAML]
  • Skip
  • Check: osquery secret requires rotation
  • Enforce: Rotate osquery secret
Default template
{%- if $.osquery == 'Enabled' -%}
'Enforce: Rotate osquery secret'
{%- else -%}
Skip
{%- endif -%}
Default template input
|
{
osquery: policy(uri:"#/policy/types/workspaceOsquery")
}
Examples [YAML]
  • Check: osquery secret requires rotation

Category

In Your Workspace

Developers