> 3 different sources of truth about ownership
replyI see only 1.
Admin, access <> ownership.
I always thought of this as authority, accountability, and responsibility of a thing. Ideally one group or person has all three. In practice you’ll have many entities with some combination of the three.
replyI am sure mere access does not imply any kind of ownership.
replyIsn't the point that this is the source of truth?
replyIf someone needs access to a secret, you would implement it in this DSL and commit that to the system. A side effect would run on that which would grant access to that secret. When you want to revoke access, you commit a change removing that permission and the side effect runs to revoke it.
From my experience, there is always a parallel process. But if you make the system painless enough, most of it will be in there, yeah.
reply> When you want to revoke access, you commit a change removing that permission and the side effect runs to revoke it.
For this to work, you’d need to also rotate the secret, or ideally issue one for each person (so that others don’t have to update their configs).
...but sometimes you can’t reliably automatically rotate the secret, because they could have used it for something in production.