NOTE: If you create a new enrollment token you will need to re-run config on all clients. Make sure you CANNOT find your original token before proceeding.
The following will guide you through the process of generating a new host enrollment token.
- Using the step cli, generate a new key pair.
$ step crypto keypair pub.key priv.key
- Sign a token with the private key (this is your new enrollment token)
$ echo '{"kubernetes.io/serviceaccount/service-account.name":"smallstep", "iss":"kubernetes/serviceaccount", "sub":"smallstep"}' | step crypto jws sign --key priv.key
SAVE THE TOKEN IN A SAFE PLACE!!!!!!!
Print the public key:
$ cat pub.key
Open a support ticket, and send us the key: we'll update the back end so you can start enrolling new hosts.
Once the back end is updated, you will need to re-run config on all clients:
$ step ssh config --team <your_team> --force
Make sure you put a copy of your new token in a safe place.
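
An added example, not part of the original guide: a local sanity check that a saved token is a compact JWS carrying the three claims from the signing command above, useful before storing it and opening the ticket. It assumes the token is in compact serialization (three dot-separated parts) and does not verify the signature; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Claims taken from the signing command on this page.
EXPECTED_CLAIMS = {
    "kubernetes.io/serviceaccount/service-account.name": "smallstep",
    "iss": "kubernetes/serviceaccount",
    "sub": "smallstep",
}

def b64url_decode(segment):
    # Compact JWS segments are base64url without padding; restore it first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_enrollment_token(token, expected=EXPECTED_CLAIMS):
    """Return a list of problems; an empty list means structure and claims
    match. The signature is NOT verified here (that needs pub.key)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        return ["expected 3 dot-separated parts, got %d" % len(parts)]
    try:
        header = json.loads(b64url_decode(parts[0]))
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        return ["header or payload does not decode: %s" % exc]
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return ["header and payload must both be JSON objects"]
    problems = []
    if str(header.get("alg", "none")).lower() == "none":
        problems.append("header has no signing algorithm")
    if not parts[2]:
        problems.append("signature part is empty")
    for name, want in expected.items():
        if claims.get(name) != want:
            problems.append("claim %r is %r, expected %r"
                            % (name, claims.get(name), want))
    return problems

def make_sample(header, claims, signature=b"constructed-placeholder"):
    # Constructed sample token for the demo; the signature bytes are fake.
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc(json.dumps(header).encode()),
                     enc(json.dumps(claims).encode()), enc(signature)])

if __name__ == "__main__":
    good = make_sample({"alg": "ES256"}, EXPECTED_CLAIMS)
    typo = make_sample({"alg": "ES256"}, dict(EXPECTED_CLAIMS, sub="smalstep"))
    print(check_enrollment_token(good))
    print(check_enrollment_token(typo))
```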