Leavers process - alphagov/notifications-manuals GitHub Wiki

When someone leaves you should reverse the joiners process steps. You should similarly make a Trello ticket to track the progress of the tasks. Even if they are not a developer, you should check all the tasks as we often give permissions to non developers such as allowing product managers and content designers to edit Github.

Some accounts are handled centrally to GDS, and if they're moving teams they may still need access to the systems (though may need to be removed from notify teams within those systems).

  • Pagerduty
  • Github
  • Zendesk
  • gds-users AWS

Extra details for developers with Yubikeys

You can prevent further use of the Yubikey with the following commands:

# reset e.g. WebAuthn credentials
ykman fido reset

# reset one time passcode credentials
ykman oath reset 

Extra details for developers with GPG keys

Revoke your GPG key.

From a practical perspective, this helps signal to others that the key should no longer be used.

From a security perspective, this prevents verification of any future commits signed with the key.

Extra details for removing access to AWS account

Remove user from:

notifications-aws repo

  • terraform/modules/local-development/variables.tf
  • terraform/notify-deploy/users.tf
  • terraform/notify-monitoring/users.tf
  • terraform/notify-tools/users.tf

Changes in this repo should automatically be applied by Concourse.

notifications-aws-account-wide-terraform repo

  • terraform/deployments/tfvars/*.tfvars

Changes in this repo will need to be manually applied.