Is there any way I can automate refreshing the access tokens in Cribl?

tpeveler

Hey all I am using a REST API to collect logs using GCP OAuth token. As the authorization token expires every hour, is there any way I can automate refreshing the access tokens in Cribl

Kevin Morris

It sounds like you should be using an API key, not OAuth https://cloud.google.com/endpoints/docs/openapi/when-why-api-key

Kevin Morris

https://cloud.google.com/docs/authentication/token-types#access ```Access token lifetime By default, access tokens are good for 1 hour (3,600 seconds). When the access token has expired, your token management code must get a new one. If you need an access token with a longer lifetime, and your organization policy includes the iam.allowServiceAccountCredentialLifetimeExtension constraint, you can use the serviceAccounts.generateIdToken method to generate an access token for a service account with a lifetime of up to 12 hours. You can't create access tokens with an extended lifetime for user credentials or external identities. For more information, see Generating an OAuth 2.0 access token.``` https://cloud.google.com/iam/docs/create-short-lived-credentials-direct#sa-credentials-oauth I'm not sure if that helps clarify. I honestly haven't done much with GCP but I'm sure it parallels other things I've worked with.

tpeveler

Many thanks <@U02GV62PH1B&gt; for sharing the above information. But my intention is not to extend access token's life time but rather to automate the renewal process in cribl. Not sure if its doable but am going to keep this post open for any suggestions.

Kevin Morris

Are you actually using the OAuth option in the REST collector? https://docs.cribl.io/stream/collectors-rest#oauth-auth

Yury

Hello, any update on this? We use REST Collector, but struggling to implement short lived token rotation. What is the right way to authenticate to googleapi?

Jon Rust

This script may help you:

https://github.com/camrunr/cribl_update_secret