Offboarding New Tech Working Group Team Members

From Social.coop


How to remove members from the TWG

We need a well-defined process for revoking administrative access to servers for Tech Working Group (TWG) members. This is important for security and also just to have a good sense of who has administrative access to our systems. We don't expect formerly active members of the co-op to become bad actors. This process is simply here to reduce the attack surface exposed to individuals outside of the co-op.

Process

The off-boarding process can be initiated in two ways.

User Initiated

A user can withdraw from the TWG:

  1. A TWG member decides they don't want access any more and lets someone from the TWG know.
  2. An active member of the TWG follows the off-boarding checklist.

Member Initiated

A TWG member may notice inactive users in the pass database:

  1. After 6 months of inactivity an active member asks if the inactive member wants to officially withdraw.
  2. If they reply affirmatively or if they don't reply within 7 days, they are off-boarded.

Checklist

A current TWG administrator follows these steps to off-board an old member from the TWG:

  1. Remove SSH key from ansible repo.
  2. Remove GPG key from pass repo and edit .gpg-id file.
  3. Re-encrypt pass files.
  4. Run ansible playbook to remove SSH key.
  5. Remove from tech.group and admin email aliases.
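
One way to check that steps 2 and 3 took effect, as an added example (not Social.coop's own tooling): the script reads the OpenPGP header of every `.gpg` file in the pass store and lists files that still name the removed member as a recipient. It assumes binary (non-armored) files with version 3 session-key packets and that you supply the long key ID of the member's encryption subkey; the function names, sample bytes and key IDs are constructed for illustration.

```python
import struct
from pathlib import Path

# Constructed sample: two v3 PKESK packets (made-up key IDs), then a data packet.
SAMPLE = bytes.fromhex("840c03" "1122334455667788" "010000"
                       "840c03" "AABBCCDDEEFF0011" "010000" "d20101")


def pkesk_key_ids(data: bytes) -> list[str]:
    """Return recipient key IDs from the leading PKESK (tag 1) packets."""
    ids, pos = [], 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("not a binary OpenPGP message")
        pos += 1
        if hdr & 0x40:  # new-format packet header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:
                length, pos = first, pos + 1
            elif first < 224:
                length, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:
                length, pos = struct.unpack(">I", data[pos + 1:pos + 5])[0], pos + 5
            else:  # partial body length, only valid for data packets
                break
        else:  # old-format packet header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:  # indeterminate length, only valid for data packets
                break
            length = int.from_bytes(data[pos:pos + (1 << ltype)], "big")
            pos += 1 << ltype
        if tag != 1:  # session-key packets come first; stop at the payload
            break
        body = data[pos:pos + length]
        if body[:1] == b"\x03":  # v3 PKESK: version byte, then 8-byte key ID
            ids.append(body[1:9].hex().upper())
        pos += length
    return ids


def stale_files(store: Path, removed_key_id: str) -> list[Path]:
    """List .gpg files under `store` still encrypted to `removed_key_id`."""
    return sorted(p for p in store.rglob("*.gpg")
                  if removed_key_id.upper() in pkesk_key_ids(p.read_bytes()))


if __name__ == "__main__":
    print(pkesk_key_ids(SAMPLE))
```

An empty result covers only the files as they are now: earlier commits of the pass repo still hold ciphertext that the removed key can decrypt.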