Android agent: get node key #35435

@getvictor

Description

Related user story

#34856

Task

  • Android agent needs to get a node key from Fleet server using a normal enroll secret
    • The host should already exist (enrolled via Android MDM)
  • Android stores node key in Android keychain
  • If host tries to get a node key a second time, we do the same thing we do when orbit tries to enroll a 2nd time

Old scope. We will not use a one-time enroll secret for this version

  • Create DB table for one-time enroll secrets
  • Create an API endpoint for using one-time enroll secret to get/set a node_key on the Android host (or orbit_node_key?)
  • Revoke the one-time enroll secret after Android agent acknowledges receipt of the node_key (for network issues or device disconnecting)
  • Update Android app to use the API to get the node key
    • app retries 5x; server logs unsuccessful attempts

Metadata

Labels

  • #g-security-compliance: Security & Compliance product group
  • :release: Ready to write code. Scheduled in a release. See "Making changes" in handbook.
  • ~sub-task: A technical sub-task that is part of a story. (Not QA'd. Not estimated.)

Projects

Status

🐣 In progress
