PostHog / posthog.com

Official docs, website, and handbook for PostHog.
https://posthog.com

Feature request: private Handbook pages #4260

Open charlescook-ph opened 1 year ago

charlescook-ph commented 1 year ago

We document 90% of our internal processes publicly in our Handbook, which is great. However there are a tiny minority of processes that I'm hesitant to share publicly because of the risk of phishing, such as really specific financial processes.

For example, I worry that if I share exactly how X and Y bank accounts connect to Z accounting software and W financial planning software, it gives a potential scammer loads of useful information to then convincingly impersonate someone at the company. However, some of this stuff is critical to document.

Is there a way we could put certain pages behind GSuite authentication for example, so you can only view it if you're signed into your PostHog Google account? (This is the kind of approach GitLab take.)

An alternative could be to commit the info to an internal repo and then just link to it from the Handbook. Means we have a messier workflow for documenting stuff and not as neat, but happy to do that if this feature request is declined!

corywatilo commented 1 year ago

cc @smallbrownbike Auth through Squeak! and pages served by Squeak! somehow?

smallbrownbike commented 1 year ago

As mentioned in the above-referenced issue, I think this might be another good reason to start incorporating a headless CMS into the site?

We should be able to add a router to all headless CMS pages and conditionally render them based on whether the authenticated Squeak user is a mod/admin. Keeping the pages in a headless CMS would also keep the data private and make editing it quicker/easier.

Adding some sort of "private page" section to Squeak would work too, but I'm not sure it makes as much sense there as it does in a headless CMS.

corywatilo commented 1 year ago

You own the website codebase! You know the technical requirements (how we build it) and our internal requirements (no outside dependencies), so this is your call to make! =] #biasforimpact

(Just looking at the ones you mentioned, Strapi seems much more reasonable price-wise.)
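The thread's two ideas (pages visible only to a signed-in company Google account, and conditional rendering by authenticated user) both come down to a server-side check made before the private body is sent. The sketch below is an added example, not code from the PostHog site or Squeak!. It assumes the Google ID token's signature has already been verified by a maintained library, and every function name, page object and config value in it is hypothetical.

```javascript
// Added example: server-side gate for private handbook pages.
// Assumes `claims` came from a Google ID token whose signature was already
// verified upstream; all names and sample values here are hypothetical.
const GOOGLE_ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];

// Returns null when the claims prove membership of the Workspace domain,
// otherwise a short reason string suitable for logging.
function rejectReason(claims, cfg, nowSeconds) {
  if (!claims) return 'no token';
  if (!GOOGLE_ISSUERS.includes(claims.iss)) return 'wrong issuer';
  if (claims.aud !== cfg.clientId) return 'wrong audience';
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) return 'expired';
  // `hd` is present only for accounts that belong to a Google Workspace
  // organization; an email suffix match alone does not prove that.
  if (claims.hd !== cfg.workspaceDomain) return 'wrong hosted domain';
  if (claims.email_verified !== true) return 'email not verified';
  return null;
}

// Decide the response before any private body is sent, so private content
// never ships in a static bundle to be hidden client-side.
function servePage(page, claims, cfg, nowSeconds) {
  if (!page.private) return { status: 200, body: page.body };
  const reason = rejectReason(claims, cfg, nowSeconds);
  if (reason === null) return { status: 200, body: page.body };
  // 401 asks the visitor to sign in; 403 means signed in but not allowed.
  return { status: claims ? 403 : 401, body: null, reason };
}

// Constructed sample data.
const cfg = { clientId: 'constructed-client-id', workspaceDomain: 'example.com' };
const now = 1700000000;
const privatePage = { private: true, body: 'finance runbook' };
const publicPage = { private: false, body: 'company values' };
const staff = { iss: 'https://accounts.google.com', aud: cfg.clientId,
  exp: now + 600, hd: 'example.com', email: 'a@example.com', email_verified: true };
// Same email address, but a non-Workspace account: no `hd` claim.
const outsider = { ...staff, hd: undefined };

console.log(servePage(privatePage, staff, cfg, now).status);
console.log(servePage(privatePage, outsider, cfg, now).reason);
console.log(servePage(privatePage, null, cfg, now).status);
```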