Open adry-martinez opened 2 months ago
[x] Created TPW DTS Vaults
[x] Created TPW AMD Vault
- TPW DTS | API Accessible Secrets (49) 5/20/24
- TPW DTS | Administration (1) 5/20/24
- TPW DTS Developers (102) 5/20/24
- TPW DTS | Main (165) 5/20/24
- TPW DTS | Guest Share (6)
- TPW DTS | Knack Share (81) 5/20/24

@dianamartin, @maccallump and I met this morning to discuss the on-going transition to the enterprise 1PW account.
Briefly recapping our meeting and my action items:
While Diana manages the use of the city's SCIM to create groups of users that will control both an enterprise 1Password account and to which vaults they have access, I agreed to work with the developers to try to weed out crufty entries from our vault.
Additionally, I am going to familiarize myself with the move/copy functionality so that when we do set a firm date for the switch over, I'm prepared to bring over the vaults that have been assigned to me. I am going to create a plan that is shared with our team so that we are sure to not get our secrets into a forked or split-brain type scenario, where we have edits both in the DTS and Enterprise vaults simultaneously.
Diana pointed out a gotcha in the UI that we need to keep in mind. Attached files (secured notes) in 1PW are not brought over by a copy or move operation (export pw), and they need to be given special care. The developers rely on these stored notes in a few places, namely for some PEM files containing cryptographic keys.
We discussed that we're hopeful to make the transition pretty soon, ideally in this sprint or the next. Diana, please let me know if I missed anything or if there's anything else that I can do to help. Thanks!
@frankhereford You may have to download 1Password 8 desktop client to help with moving passwords in vaults. That's what I ended up doing. I also could only import/export using the desktop client v. the web one.
Edit by frank: I'm removing the picture of the secret entries from the public GH boards. I reviewed it, and there was nothing concerning per se, but it did include a lot of usernames and email addresses.
Hi Cedric/team, I'm following up to see if the SCIM group: TPWdatatechnologyservices (resource account) was configured so that my team can have access to the new 1PW COA environment.
We talked about using either of these groups: (they should have 31 members in them)
He replied 5/28/24
Hello, Diana. We're reviewing AD to identify available Dynamic Groups, or the level of effort needed to build them. With only 31 members in your group, chances are we can get your team squared away in the coming days – barring any unforeseen pop ups or competing operational demands.
More to come shortly. -Cedric
I completed the migration on behalf of the developers today. The API and the Developer vaults have both been moved to the COA account and everything in the DTS vaults has been archived to help prevent people from mixing them up.
This issue is to create DTS 1PW vaults for the DTS