diff --git a/salt/common/tools/sbin/so-fleet-setup b/salt/common/tools/sbin/so-fleet-setup
index a3aa013a2..6570862c7 100755
--- a/salt/common/tools/sbin/so-fleet-setup
+++ b/salt/common/tools/sbin/so-fleet-setup
@@ -17,7 +17,7 @@ fi
 docker exec so-fleet fleetctl config set --address https://127.0.0.1:8080 --tls-skip-verify --url-prefix /fleet
 docker exec so-fleet bash -c 'while [[ "$(curl -s -o /dev/null --insecure -w ''%{http_code}'' https://127.0.0.1:8080/fleet)" != "301" ]]; do sleep 5; done'
-docker exec so-fleet fleetctl setup --email $1 --password $2
+docker exec so-fleet fleetctl setup --email $1 --password $2 --name admin --org-name SO
 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/MacOS/osquery.yaml
 docker exec so-fleet fleetctl apply -f /packs/palantir/Fleet/Endpoints/Windows/osquery.yaml
diff --git a/salt/fleet/event_update-enroll-secret.sls b/salt/fleet/event_update-enroll-secret.sls
index 609020247..475c3e968 100644
--- a/salt/fleet/event_update-enroll-secret.sls
+++ b/salt/fleet/event_update-enroll-secret.sls
@@ -1,4 +1,4 @@
-{% set ENROLLSECRET = salt['cmd.run']('docker exec so-fleet fleetctl get enroll-secret default') %}
+{% set ENROLLSECRET = salt['cmd.shell']('docker exec so-fleet fleetctl get enroll-secret --json | jq -r ".spec.secrets[].secret"') %}
 so/fleet:
 event.send:
diff --git a/salt/fleet/files/packs/osquery-config.conf b/salt/fleet/files/packs/osquery-config.conf
index 4ce82cb8d..99cbe2197 100644
--- a/salt/fleet/files/packs/osquery-config.conf
+++ b/salt/fleet/files/packs/osquery-config.conf
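Review bot: `$1` and `$2` are still expanded unquoted on the rewritten `fleetctl setup` line, so a password containing whitespace or glob characters is split or expanded before it reaches `docker exec`; the admin account then gets a different password than the operator supplied, or the extra words are parsed as further arguments. Quote both: `docker exec so-fleet fleetctl setup --email "$1" --password "$2" --name admin --org-name SO`. The password also remains an argv element of `docker exec` and `fleetctl`, so it is readable in the host's process listing while setup runs; if the fleetctl version in use accepts the password another way, this commit is a good place to switch. The script begins and ends outside the hunk, so any validation of the two arguments is not visible here.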
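Review bot: The new jq filter `.spec.secrets[].secret` emits one line per entry, so once Fleet holds more than one enroll secret `ENROLLSECRET` becomes a multi-line string and is sent that way in the `so/fleet` event. The pipeline also hides failure: if `docker exec` or `fleetctl` fails, the value is empty or possibly error text (depending on how `cmd.shell` returns stderr, which is worth confirming), and the event still fires. If consumers expect a single secret, select it explicitly with `jq -r ".spec.secrets[0].secret // empty"` and wrap the `event.send` in `{% if ENROLLSECRET %}` so an empty value is never distributed to minions. The rest of the state lies outside the hunk, so how the receiver uses the value is not visible here.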
@@ -1,31 +1,34 @@
+---
 apiVersion: v1
-kind: options
+kind: config
 spec:
- config:
- decorators:
- always:
- - SELECT codename FROM os_version;
- - SELECT uuid AS live_query FROM system_info;
- - SELECT address AS endpoint_ip1 FROM interface_addresses where address not
- like '%:%' and address not like '127%' and address not like '169%' order by
- interface desc limit 1;
- - SELECT address AS endpoint_ip2 FROM interface_addresses where address not
- like '%:%' and address not like '127%' and address not like '169%' order by
- interface asc limit 1;
- - SELECT hardware_serial FROM system_info;
- - SELECT hostname AS hostname FROM system_info;
- options:
- decorations_top_level: true
- disable_distributed: false
- distributed_interval: 10
- distributed_plugin: tls
- distributed_tls_max_attempts: 3
- distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
- distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
- enable_windows_events_publisher: true
- enable_windows_events_subscriber: true
- logger_plugin: tls
- logger_tls_endpoint: /api/v1/osquery/log
- logger_tls_period: 10
- pack_delimiter: _
- overrides: {}
+ server_settings:
+ enable_analytics: false
+config:
+ decorators:
+ always:
+ - SELECT codename FROM os_version;
+ - SELECT uuid AS live_query FROM system_info;
+ - SELECT address AS endpoint_ip1 FROM interface_addresses where address not
+ like '%:%' and address not like '127%' and address not like '169%' order by
+ interface desc limit 1;
+ - SELECT address AS endpoint_ip2 FROM interface_addresses where address not
+ like '%:%' and address not like '127%' and address not like '169%' order by
+ interface asc limit 1;
+ - SELECT hardware_serial FROM system_info;
+ - SELECT hostname AS hostname FROM system_info;
+ options:
+ decorations_top_level: true
+ disable_distributed: false
+ distributed_interval: 10
+ distributed_plugin: tls
+ distributed_tls_max_attempts: 3
+ distributed_tls_read_endpoint: /api/v1/osquery/distributed/read
+ distributed_tls_write_endpoint: /api/v1/osquery/distributed/write
+ enable_windows_events_publisher: true
+ enable_windows_events_subscriber: true
+ logger_plugin: tls
+ logger_tls_endpoint: /api/v1/osquery/log
+ logger_tls_period: 10
+ pack_delimiter: _
+overrides: {}
diff --git a/salt/fleet/init.sls b/salt/fleet/init.sls
index 2a0ac540b..d2aaa905c 100644
--- a/salt/fleet/init.sls
+++ b/salt/fleet/init.sls
@@ -115,20 +115,20 @@ so-fleet: - port_bindings: - 0.0.0.0:8080:8080 - environment: - KOLIDE_MYSQL_ADDRESS={{ MAINIP }}:3306 - KOLIDE_REDIS_ADDRESS={{ MAINIP }}:6379 - KOLIDE_MYSQL_DATABASE=fleet - KOLIDE_MYSQL_USERNAME=fleetdbuser - KOLIDE_MYSQL_PASSWORD={{ FLEETPASS }} - KOLIDE_SERVER_CERT=/ssl/server.cert - KOLIDE_SERVER_KEY=/ssl/server.key - KOLIDE_LOGGING_JSON=true - KOLIDE_AUTH_JWT_KEY= {{ FLEETJWT }} - KOLIDE_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log - KOLIDE_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log - KOLIDE_SERVER_URL_PREFIX=/fleet - KOLIDE_FILESYSTEM_ENABLE_LOG_ROTATION=true - KOLIDE_FILESYSTEM_ENABLE_LOG_COMPRESSION=true + - FLEET_MYSQL_ADDRESS={{ MAINIP }}:3306 + - FLEET_REDIS_ADDRESS={{ MAINIP }}:6379 + - FLEET_MYSQL_DATABASE=fleet + - FLEET_MYSQL_USERNAME=fleetdbuser + - FLEET_MYSQL_PASSWORD={{ FLEETPASS }} + - FLEET_SERVER_CERT=/ssl/server.cert + - FLEET_SERVER_KEY=/ssl/server.key + - FLEET_LOGGING_JSON=true + - FLEET_AUTH_JWT_KEY= {{ FLEETJWT }} + - FLEET_OSQUERY_STATUS_LOG_FILE=/var/log/fleet/status.log + - FLEET_OSQUERY_RESULT_LOG_FILE=/var/log/osquery/result.log + - FLEET_SERVER_URL_PREFIX=/fleet + - FLEET_FILESYSTEM_ENABLE_LOG_ROTATION=true + - FLEET_FILESYSTEM_ENABLE_LOG_COMPRESSION=true - binds: - /etc/pki/fleet.key:/ssl/server.key:ro - /etc/pki/fleet.crt:/ssl/server.cert:ro
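Review bot: `config:` and `overrides: {}` are added at column 0 in osquery-config.conf, as siblings of `spec:`, while only `server_settings` stays under `spec` (leading indentation is collapsed on this page, so confirm against the file). In the old `kind: options` document both keys sat under `spec`; for `kind: config`, as far as I know, Fleet reads agent options from `spec.agent_options`, so top-level keys would likely be ignored or rejected. The decorators and the `logger_plugin: tls` / `distributed_*` options would then never reach enrolled hosts, silently cutting result logging and live query from the endpoints. Nest them as `agent_options:` under `spec`, with `config` and `overrides` beneath it, and confirm what was actually applied with `fleetctl get config`.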