Configure secret rotations
This page lists resources that describe how to set up and configure secret rotations for the Google Distributed Cloud (GDC) air-gapped appliance.
- BM SSH keys and certificate: PLATAUTH-G0003
- Chassis certificate, username and password rotation: APPL-G0001
- Changing the iLO username and password for Baseboard Management Controller (BMC) and chassis:
  - Integrated Lights-Out (iLO) credential rotation: SERV P0002
  - BMC certificate rotation: SERV P0003
  - Ironic certificate rotation: SERV P0004
- Harbor:
  - In-cluster Harbor admin credentials rotation: SAR-R2001
  - Harbor robot account credentials rotation: SAR-R2003
  - Rotating SAR certificates: SAR-T0001
  - Rotating Harbor components credentials: SAR-T0002
- Identity provider secrets rotation:
  - Keycloak: IAM-T0001
- Object storage:
  - Object storage credentials.
  - Disk encryption keys.
  - Storage authentication keys and certificates.
- Physical networking (PNET):
  - Switch credentials: `gdcloud appliance rotate switch-credentials`
  - Switch certificate: `gdcloud appliance rotate switch-certificate`
To access the runbooks in the IO tools container, see Set up the IO tools to access runbooks.
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-09-04 UTC.