Hi,
Is it possible to regenerate oauth_consumer_secret and oauth_consumer_key secrets for Foreman (Katello). Do i need to change it on proxies also after that, not only in * /etc/foreman/settings.yaml*?
Old oauth secrets kinda “leaked” and i would like to change them.
Thanks.
OAuth credentials are only used to communicate with the API to register a Smart Proxy. That part is done by the installer. So you can rotate them without seeing any issue at runtime, but the next time you run the installer on a Smart Proxy you must provide the proper credentials. The register part also refreshes features, which is important for proper functionality on upgrades (or changes like installing a new feature).
You can rotate them on the Foreman server:
foreman-installer \
--foreman-oauth-consumer-key "MY_NEW_KEY" \
--foreman-oauth-consumer-secret "MY_NEW_SECRET \
--foreman-proxy-oauth-consumer-key "MY_NEW_KEY" \
--foreman-proxy-oauth-consumer-secret "MY_NEW_SECRET"
(It would be great if this was more dynamic and you didn’t need to supply it twice, but we don’t have that now.)
Then on any Smart Proxy:
foreman-installer \
--foreman-proxy-oauth-consumer-key "MY_NEW_KEY" \
--foreman-proxy-oauth-consumer-secret "MY_NEW_SECRET"