Finally I created the Bitwarden account as we agreed in the last global hangout. So far subscribed to Team plan with 11 users: Luis, Dani, Rachel, Myriam, Kirsten, Paco, Maikel, Kristina, Matt, Jen and myself. I had doubts about Lynne, Nick, Sigmund and others. Let me know if you’ll need access and I’ll create extra seats.
First of all, keep in mind I have to manually accept you once you confirm the invitation. Once done, you can add a new element and then, when it shows up in the list, click on the gear icon and “share” it with the Open Food Network organization picking the appropriate collection. For instance, I added the credentials of our Datadog account.
Regarding collections. These are the ones I thought of but we can create others as soon as we need them. Then we could grant access to particular ones and remove access to others to particular users if we think is worth.
As for the account itself, I created it as Coopdevs but Katuma will pay for it. Consider it part of our contribution to the global pot. @MyriamBoure any instructions to keep track of this expense in our holly spreadsheets?
Thank you Pau! Would it be possible for you to create seats for @MSFutureFarm and myself without too much trouble or expense? Does it make sense to have a collection per instance to keep track of pesky instance-specific things like email, Mailchimp, Stripe, and other passwords in addition to things like secrets?
My idea was to use it for global accounts that were worth sharing but I don’t mind giving it also a instance-specific use. It’s 2$/month the extra seat. Having instance-collections could be a way to have it well organized.
What do others think? @Rachel you also wanted to add French specific entries?
Unrelated, do not forget to install the browser extension for it to be useful.
Yes I do. But maybe each instance should deal with creating its own instance? That’s what I was going to do for France, but I’m open to other suggestions
We’ll take care of it for the US for now. There doesn’t seem to be a huge advantage to making a collection as opposed to a separate installation (but we might want to stash a key to the door of that in the global accounts bucket just in case).
OK. Turns out folders are only seen by the users himself. So I created an OFN France collection and a “testing stuff” collection so that we can filter the accounts more easily. If the default collection becomes too big, we can create other collections as well.
Alright so we are soon welcoming new devs in the team, so we need to change our strategy for the 13 accounts we have on bitwarden.
We could increase the number of paid accounts. Who is paying currently for bitwarden? @sauloperez is that still ES?
Even with more accounts, I think we should have a strategy for who gets access to what. Instances that are managed by global sysadmin pool should all have access. I think I read somewhere that @tschumilas has not access. And I don’t see anyone from BE or DE.
This means that if something changes in Stripe, Sendgrid etc in those instances, the global team has no more access to the latest credentials to help the instance. I think this is bad, especially if we want to increase support to instances.
Support team in instances need those credentials as well, however if we rely only on adding accounts I believe we will make the budget explode…
I think @Kirsten you have mentioned somewhere that in AU you have duplicated the whole credentials within an AU account. That could do the trick, but each time you update a password, you need to update it twice in bitwarden. Is that correct?
Bitwarden is currently being paid by the UK. Re duplicate credentials, that’s what we’re doing for Katuma but luckily we haven’t had any issue although it does concern me as well. I’d email them on how to better solve this situation. I’m pretty sure we’re not the first ones in this situation.
I also think a single account could work, as long we store its credentials in our personal password manager
Yes, we duplicate, which leads to some complications as our local team use Aus bitwarden and update things there/don’t look in global bitwarden for tools and passwords. It probably doesn’t impact instance platform operation as those things get kept in global bitwarden, but it is messy
