From 10a6348ddd8105fffbf09d84a8d298e0a88d5bad Mon Sep 17 00:00:00 2001 From: jeffssh Date: Fri, 19 Apr 2024 14:41:30 -0500 Subject: [PATCH] fixed minor typo not -> no (#1685) --- docs/Using-GAMADV-XTD3-with-a-YubiKey.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Using-GAMADV-XTD3-with-a-YubiKey.md b/docs/Using-GAMADV-XTD3-with-a-YubiKey.md index 6bb12d94..62938155 100644 --- a/docs/Using-GAMADV-XTD3-with-a-YubiKey.md +++ b/docs/Using-GAMADV-XTD3-with-a-YubiKey.md @@ -28,7 +28,7 @@ The YubiKey can be configured with a PIN that must be entered in order for it to Yes but in practice this does not work very well with GAMADV-XTD3. The YubiKey will need to be touched every time there is a GAMADV-XTD3 command running which for batch or cron jobs may be constant. GAMADV-XTD3 can use a PIN configured on the YubiKey in order to offer an additional layer of protection. ### If I use a YubiKey, do I need to rotate the private key regularly? -No, because the YubiKey generated the private key it cannot be digitally exported from the YubiKey so there is not chance for it to be copied and stolen. Instead you should physically secure the YubiKey from theft. +No, because the YubiKey generated the private key it cannot be digitally exported from the YubiKey so there is no chance for it to be copied and stolen. Instead you should physically secure the YubiKey from theft. ### What data does the service account private key have access to? When using domain-wide delegation with GAMADV-XTD3, the service account and anyone possessing the service account private key oauth2service.json file has access to the Gmail, Drive and Calendar data of ALL Workspace users in your domain. For this reason, whether using a YubiKey or not, you should take strong measures to protect the service account private key.