Offboarding MJ
POPs Team Member Offboarding for Micheal Johnson
This issue is used to track the progress of offboarding team members from POPs. This process includes removing access and rotating creds.
Access Removal
- Remove user's admin access in gitlab
- Remove user from hardening_manifest.yaml and renovate.json files in this group
- Remove user's membership from:
- Remove user from ironbank.yaml in this project
- Double check user's membership in the Gitlab admin portal
  - Should be located at https://repo1.dso.mil/admin/users//projects
- Double check whether user is directly listed in merge/push permissions on master/development for the master project template
- Remove the user's pubkey from this project
- If you are a harbor admin and you have keycloak access
  - Find the role associated with Harbor admin in registry1.dso.mil
    - Look at Administration->Configuration->OIDC Admin Group
  - In Keycloak, remove the user from that group
Key Rotation
- AWS Keys
  - Prod + Staging
    - S3_ACCESS_KEY
    - S3_SECRET_KEY
    - COSIGN_AWS_ACCESS_KEY_ID
    - COSIGN_AWS_SECRET_ACCESS_KEY
- Harbor push auth
  - ironbank-staging (i.e. DOCKER_AUTH_CONFIG_FILE_PRE_PUBLISH)
  - ironbank (i.e. DOCKER_AUTH_CONFIG_FILE_PUBLISH)
- Gitlab bot tokens
  - project access tokens:
    - CHT-ironbank-bot: project: https://repo1.dso.mil/cht-automation/bots/ironbank-bot ci_var: GITLAB_TOKEN
    - CHT-Robotnik: project: https://repo1.dso.mil/cht-automation/bots/ironbank-bot ci_var: IRONBANK_TOOLS_TOKEN
    - CHT-Triage: project: https://repo1.dso.mil/cht-automation/bots/triage ci_var: GITLAB_TOKEN
    - POPs-ci-var-checker: update this in the ironbank-bootstrap ci var script
    - POPs-project-metadata: project: https://repo1.dso.mil/ironbank-tools/project-metadata ci_var: IRONBANK_TOOLS_TOKEN
    - POPs-project-permissions: project: https://repo1.dso.mil/ironbank-tools/project-permissions ci_var: IRONBANK_TOOLS_TOKEN
    - POPs-project-template: project: https://repo1.dso.mil/ironbank-tools/project-template ci_var: IRONBANK_TOOLS_TOKEN
    - POPs-renovate-tools: project: https://repo1.dso.mil/ironbank-tools/renovate-tools ci_var: IRONBANK_TOOLS_TOKEN
    - VAT-user-list: provide vat with this token
  - User access tokens
    - POPs Trigger user: POPs-trigger project: https://repo1.dso.mil/ironbank-tools/renovate-tools ci_var: IRONBANK_TOOLS_TOKEN
  - project access tokens:
Edited by Sam Suttman