ministryofjustice / operations-engineering

This repository is home to Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice. • This repository is defined and managed in Terraform
https://user-guide.operations-engineering.service.justice.gov.uk/
MIT License

Risk R011: Determine Number of Org Level Tokens #4254

Closed PepperMoJ closed 3 months ago

PepperMoJ commented 5 months ago

User Need

As an Operations Engineering Developer, I want a comprehensive count of all tokens, expired or otherwise, in both the Ministry of Justice organisation and the Analytical Services organisation, so that I can assess what needs to be removed and whether intervention is needed to improve token standards.

Value

By having a better understanding of what tokens are being used, we can get a better idea of what our responsibilities would be if we were to take ownership of this domain.

Functional Requirements:

  1. We have a list/count of all tokens in the Ministry of Justice organisation.
  2. We have a list/count of all tokens in the Analytical Services organisation.

Non-Functional Requirements:

  1. We have additional data around each token, including permissions and access frequency.

Acceptance Criteria:

  1. The findings around token counts have been documented and shared with the team.

Notes:

vijaykannan21 commented 3 months ago

https://docs.github.com/en/organizations/managing-programmatic-access-to-your-organization/setting-a-personal-access-token-policy-for-your-organization

PepperMoJ commented 3 months ago

List captured in this document.

vijaykannan21 commented 3 months ago

https://docs.google.com/spreadsheets/d/1UJ_0bo4J09NLVPG_Z6PSTSPSNbqRp2PPttldTE8GBks/edit#gid=0 status of token details