1Password audits are to be completed every 6 months:
To get started, you will first want to make an issue using the 1Password issue template in the audits project.
As the API is not yet able to handle this, this process will be a bit more of a
manual process. To start, you will want to run the
1password_audit audit script
(see below for help with running the script). Once the
script completes, it will output a large amount of information. This should be
copied and pasted into the ## Notes
section of the issue you created via the
1Password issue template.
After that, you need to go into 1Password and make the changes as shown from the script output. This may involve adding missing support team members and removing those that should not be present. Once the changes are made, make comments on the issues to indicate they have been done.
Once all the items have been addressed, you will then ping a Support Operations Manager to review the audit. They will then close out the issue.
The requirements to run the script are:
op
script setup (see repo for more details)To run the script, you will want to do the following commands:
git clone git@gitlab.com:gitlab-com/support/support-ops/audits.git
cd audits
gem install bundler
bundle install
./bin/1password_audit
As the script output is quite large, you might want to have it output to a file so you don't lose the data due to scrollback. This can be done by doing the following:
./bin/1password_audit > audit_output.txt
As it goes through the agents from the support-team.yaml file, it checks the following:
It also checks members of the 1Password Support group that are not in the support-team.yaml and notes they need to be removed (exceptions are within the script itself).