Backup code management

[jpmckinney]

In additional to individual accounts, I presently have multi-factor authentication set up for:

• AWS root user (sysadmin@open-contracting.org)
  • There are ways to recover the account, but it might be safest to share backup codes between OCP admins.
• DMARC Analyzer
  • Not critical if access is lost. We can just create a new account and update DNS records.
  • It has no backup codes. I guess I'd have to save the QR code.
• Bytemark (account can be deleted once switch to Linode) https://github.com/open-contracting/deploy/issues/145
  • Dogsbody also has access to the account.
• UptimeRobot (account can be deleted once Pelican is re-deployed) https://github.com/open-contracting/deploy/issues/200
  • It has no backup codes. I guess I'd have to save the QR code.

I also have MFA for:

• ocp-deploy GitHub user: access token is used to get ReadonlyREST's code from the deploy-salt-private repository
  • Not critical if access is lost. We can just create a new user and generate a new access token, as documented.

[jpmckinney]

@yolile How do you want to manage access to the AWS root user?

[yolile]

@yolile How do you want to manage access to the AWS root user?

What about a google doc shared with sysadmin@open-contracting.org?

[jpmckinney]

Hmm, but that account can't create documents. The document will be owner by a user, who could be disabled/deleted if they change job.

[jpmckinney]

But using the same idea, we can store the backup codes in a private GitHub repository.

[jpmckinney]

We'll just need to never add an Owner outside OCP. (It's actually possible to transfer repos without having the Owner role: https://docs.github.com/en/github/administering-a-repository/transferring-a-repository)

[jpmckinney]

I added docs here: https://ocp-software-handbook.readthedocs.io/en/latest/github/index.html#teams