Team policy about password and account sharing
We've had a few situations now where an account looked like it belonged to JupyterHub, but we weren't sure if this was the case and we didn't know who might have access to it (most recently, in https://github.com/jupyterhub/team-compass/issues/562).
While we don't want to just automatically give credentials to everybody to everything (for security reasons), I think it's a good idea to reduce the uncertainty about who has access credentials to shared infrastructure, so that we can have a "source of truth" to know who to ask.
Suggestion
I suggest that we pass a lightweight policy for access credentials like the following:
- The Team Lead must have access credentials to all of our shared accounts and infrastructure.
- Any member of the Steering Council may have access to any shared infrastructure upon request to any other Steering Council member.
- Any time a Steering Council member shares access credentials with another, they must notify the Team Lead or make a public issue.
- If the Team Lead ever changes, the outgoing Team Lead must share information about who has access to each account with the incoming Team Lead.
Sounds like a good idea! I think it'd also be good to document in one place who has access to each credential too.
What do you think about creating a private GitHub organisation repo (should be free) for recording internal information?
If changes are made through PRs then everyone can choose to be notified of a change in access credentials. The advantage of a private repo is we're not advertising to attackers who to target to gain access.
Alternatively we could use Google docs, though that's another set of permissions to manage.