Open ddribeiro opened 1 month ago
Thanks for tracking this @ddribeiro.
I think the plan is to use fleetdm.com (as a server that checks for expired certs) and script execution features in Fleet for now.
At some point in the future, when we have additional engineering capacity, we'll add this to Fleet.
cc @zwass @zayhanlon
I think the plan is to use fleetdm.com (as a server that checks for expired certs) and script execution features in Fleet for now.
Confirmed w/ @zayhanlon. Removing from feature fest for now.
cc @ddribeiro
Problem
As an IT admin, I'd like Fleet to orchestrate the lifecycle management of client certificates on my Linux hosts.
There are several parts to this request that might need to be broken down into smaller stories:
What have you tried?
customer-cisneros is using scripts and Ubuntu Landscape to achieve this today. This workflow is able to renew certificates before they expire. It does not handle revocation.
Potential solutions
The solution for the customer would be to build a system in Fleet that replaces their current workflow and meets the requirements in the above sections. I don't have any solutions on how to best achieve this.
What is the expected workflow as a result of your proposal?
The expected workflow is that a Fleet admin would be able to use Fleet to manage client certificates on their Linux hosts instead of needing to build a custom workflow to handle this.