Offboarding New Tech Working Group Team Members
Up to: Tech Working Group
How to remove members up with TWG
We need a well-defined process for revoking administrative access to servers for Tech Working Group (TWG) members. This is important for security and also just to have a good sense of who has administrative access to our systems. We don't expect formerly-active members of the co-op to be become bad actors. This process is simply here to reduce the attack surface by individuals outside of the co-op.
Process
The off-boarding process can be initiated in two ways.
User Initiated
A user can withdraw from the TWG:
- A TWG member decides they don't want access any more and lets someone from the TWG know.
- An active member of the TWG follows the off-boarding checklist.
Member Initiated
A TWG member may notice inactive users in the pass database:
- After 6 months of inactivity an active member asks if the inactive member wants to officially withdraw.
- If they reply affirmatively or if they don't reply within 7 days, they are off-boarded.
Checklist
A current TWG administrator will follow the following steps to off-board an old member from the TWG:
- Remove SSH key from ansible repo.
- Remove GPG key from pass repo and edit .gpg-id file.
- Re-encrypt pass files.
- Run ansible playbook to remove SSH key.
- Remove from tech.group and admin email aliases.