
Define access and usage policies for 1Password account

Open dyladan opened this issue 3 years ago • 2 comments

The latter.

  • Are we going to share passwords across all maintainers of all SIGs, or should each SIG have its own 1Password sub-account (don't know if possible), etc.
  • Do we want to enforce the model where published artifacts are always produced by bot accounts (whose password is shared), instead of adding personal accounts of maintainers to the "owners team" in each respective artifactory?

Originally posted by @yurishkuro in https://github.com/open-telemetry/community/pull/1014#discussion_r858883706

dyladan, May 23 '22 20:05

I'm not familiar with the exact teams features of 1Password, but it seems like access to resources can be granted to only specific people. This seems like a good way to share resources with maintainers without broadcasting on an insecure channel. One example of where this may be useful is in Zoom room moderation. The moderator credentials can be shared securely in 1Password with only the maintainers who need them in order to prevent spam. There may be other resources like YouTube. Also, in the future we may want to have an official email domain or other similar resources.

dyladan, May 23 '22 20:05

As of now, the way this is currently set up in 1Password is that there is a separate vault for each SIG with members of that SIG being members given admin rights within their vaults.

There are owners and administrators groups, both of which I'm the only member of, which have access to manage vault user permissions. I would think GC/TC members should be members of these groups with elevated privileges.

codeboten, Jun 14 '22 21:06