Support workerpool cert replacement without recreation

Currently, the workerpool reset operation regenerates the pool token, which is useful for recovery if the token is leaked. However, the documentation also suggests using this operation if the certificate is leaked, but in practice the certificate (and its private key) is not regenerated during reset.

If the private key used to sign the workerpool certificate is compromised, the only current way to replace it is by recreating the entire workerpool. This is problematic when the workerpool is in use, as it’s attached to multiple stacks that cannot easily be reconfigured in a programmatic way.

Attempting to replace the certificate (CSR and private key) via Terraform currently results in an error, as certificate changes require workerpool recreation. This makes it impossible to recover from a leaked certificate without disrupting stacks.

Proposed improvements:

  • Support in-place certificate rotation (provide new CSR) without recreating the workerpool.

  • Allow combining token reset and certificate rotation in a single operation.

  • Make both actions available via Terraform as well as the UI.

This, like the current reset operation, still implies that workers will need to be recreated to fetch the new certificate and credentials, which is expected and desirable.

Benefits:

  • Enables secure recovery from leaked or compromised workerpool certificates without service disruption.

  • Aligns actual behaviour with documentation suggestions.

  • Improves Terraform parity with UI functionality.

Status

👀 In Review

Board

💡 Feature Requests

Tags

Workers

Date

6 months ago
