You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Update the howto-credential-rotation guide to include newly supported etcd and local storage credential rotation support.
Remove statements with listed credentials to reduce the amount of repetition and be more generic for adding more credentials in the future.
Copy file name to clipboardExpand all lines: articles/operator-nexus/howto-credential-rotation.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -31,24 +31,26 @@ The Operator Nexus Platform offers a managed credential rotation process that au
31
31
- Baseboard Management Controller (BMC)
32
32
- Pure Storage Array Administrator
33
33
- Console User for emergency access
34
+
- etcd
35
+
- Local path storage
34
36
35
37
When a new Cluster is created, the credentials are automatically rotated during deployment. The managed credential process then automatically rotates these credentials every 60 days. The updated credentials are written to the key vault associated with the Cluster resource. The last rotation timestamps are currently not visible to users, but is a planned enhancement to the Operator Nexus Platform.
36
38
37
39
> [!NOTE]
38
-
> The introduction of this capability enables auto-rotation for existing instances. If the BMC, Storage Administrator or Console User credentials have not been rotated within the last 60 days, they will be rotated at the time of upgrade.
40
+
> The introduction of this capability enables auto-rotation for existing instances. If any of the supported credentials have not been rotated within the last 60 days, they will be rotated at the time of upgrade.
39
41
40
42
Operator Nexus also provides a service for preemptive rotation of the above Platform credentials. This service is available to customers upon request through a support ticket. Credential rotation for Operator Nexus Fabric devices also requires a support ticket. Instructions for generating a support request are described in the next section.
41
43
42
44
## Create a support request
43
45
44
46
Users raise credential rotation requests by [contacting support](https://portal.azure.com/?#blade/Microsoft_Azure_Support/HelpAndSupportBlade). These details are required in order to perform the credential rotation on the requested target instance:
45
47
46
-
- Type of credential that needs to be rotated. Specify if the request is for a fabric device, BMC, Storage Admin, Console User or for all four types.
48
+
- Type of credential that needs to be rotated.
47
49
- Provide Tenant ID.
48
50
- Provide Subscription ID.
49
51
- Provide Resource Group Name in which the target cluster or fabric resides based on type of credential that needs to be rotated.
50
52
- Provide Target Cluster or Fabric Name based on type of credential that needs to be rotated.
51
53
- Provide Target Cluster or Fabric Azure Resource Manager (ARM) ID based on type of credential that needs to be rotated.
52
-
- Provide the Customer Key Vault ID where rotated credentials are written. Only applies to Operator Nexus Fabric devices. BMC, Pure Admin & Console User credential rotations use the key vault provided on the Cluster.
54
+
- Provide the Customer Key Vault ID where rotated credentials are written.
53
55
54
56
For more information about Support plans, see [Azure Support plans](https://azure.microsoft.com/support/plans/response/).
0 commit comments