From time to time it may be necessary to revoke employee access to our systems. This document contains a checklist of steps, systems and services to address.
- Collect laptop.
- Reformat laptop.
- Rekey vault if user had unseal keys. In this case, consider auditing root tokens as well.
- Delete user from gSuite. During the process, you will be asked to transfer all documents from Google Drive to a new owner and should do so.
- Remove user from DRUD github.
- Remove user from newmedia github if applicable.
- Remove user and any of the user's bots from slack
- Delete user's Google Cloud Projects.
- Remove user from each project in GCP. Select all projects and use the info panel to remove the user's accounts.
- Rotate Access Key ID and Secret Access Key in the newmedia AWS console.
- Validate AWS IAM users for newmedia
- rotate passwords for service accounts.
- rotate github tokens for service accounts (newmediadenverbot, etc.)
- Revoke access to any lastpass secrets that are shared. Most should be invalidated instead. This is done in lastpass "sharing center".
- Make sure user is removed from circle team.