Context

For security compliance reasons, organizations may need to regularly rotate the private keys used by their worker pools. This article explains how to handle worker pool private key rotation in Spacelift.

Answer

Currently, private keys for worker pools cannot be rotated directly as they are tied to the certificate during creation. To implement key rotation, you'll need to follow these steps:

1. Create a new worker pool with fresh key pair credentials

2. Migrate your stacks to the new worker pool:

   • Ensure there are no active runs on the stack you want to migrate

   • Update the stack configuration to use the new worker pool

   • Consider migrating stacks in batches to minimize disruption

3. Once all stacks are migrated, you can safely delete the old worker pool