Ask HN: How are you handling the identity sprawl in your company/startup?

A founder I know had to let an engineer go last month. After a few days, the core database was gone. Thankfully, they recovered from a backup.

The fired engineer had an SSH key which no one knew about; hence no one revoked it. They had a leading IdP/SSO solution, but that solution wasn't connected to their db.

This got me thinking; at an early stage, who is actually keeping track of all the keys, tokens, and credentials floating around? There's no IT, no security team, just founders and engineers barely taking care of their own tasks.

To all early stage founders: how are you tackling this today?

3 points | by awaisras 16 hours ago
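A worked example of the check the post is describing, added here and not taken from the thread or any commenter: it parses an authorized_keys file, computes OpenSSH-style SHA256 fingerprints, and flags any key that no one in a roster (assumed to be exported from the IdP) owns. The keys and the roster are constructed sample data, not real key material.

```python
import base64
import hashlib
import struct

def fake_ed25519_blob(seed: bytes) -> bytes:
    """Constructed placeholder key material (NOT a real key pair), laid out in
    the ssh-ed25519 wire format: string(key type) || string(32-byte public key)."""
    pub = hashlib.sha256(seed).digest()
    return b"".join(struct.pack(">I", len(p)) + p for p in (b"ssh-ed25519", pub))

def fingerprint(blob: bytes) -> str:
    """Fingerprint in the form `ssh-keygen -lf` prints: SHA256 of the raw key
    blob, base64-encoded with the '=' padding stripped."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text: str):
    """Yield (fingerprint, comment) for every key line in authorized_keys text.
    A leading options field (e.g. no-pty,from="...") is skipped if present."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        idx = next((i for i, f in enumerate(fields)
                    if f.startswith(("ssh-", "ecdsa-", "sk-"))), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # not a recognisable key line
        try:
            blob = base64.b64decode(fields[idx + 1], validate=True)
        except ValueError:
            continue  # malformed key data; skip rather than crash the audit
        yield fingerprint(blob), " ".join(fields[idx + 2:])

def find_orphan_keys(text: str, roster: dict) -> list:
    """Return (fingerprint, comment) pairs not attributed to any roster owner."""
    return [(fp, c) for fp, c in parse_authorized_keys(text) if fp not in roster]

# Constructed sample data: three keys on a host, two of them known to the IdP roster.
KEY_ALICE, KEY_BOB, KEY_STRAY = (fake_ed25519_blob(s) for s in (b"alice", b"bob", b"stray"))
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# deploy host",
    f"ssh-ed25519 {base64.b64encode(KEY_ALICE).decode()} alice@laptop",
    f'no-pty,from="10.0.0.0/8" ssh-ed25519 {base64.b64encode(KEY_BOB).decode()} bob@ci',
    f"ssh-ed25519 {base64.b64encode(KEY_STRAY).decode()}",  # no comment, no owner
])
KNOWN_ROSTER = {fingerprint(KEY_ALICE): "alice", fingerprint(KEY_BOB): "bob"}

if __name__ == "__main__":
    for fp, comment in find_orphan_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_ROSTER):
        print("UNATTRIBUTED KEY", fp, comment or "(no comment)")
```

Run against the real authorized_keys files on each host (and the roster your IdP actually exports); any unattributed fingerprint is a key to remove or assign an owner.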

2 comments

  • apothegm 3 hours ago
    All production access should require SSHing through an instance in your VPC, enforced by a firewall. Remove access to hosting provider accounts; remove user account on that stepping stone instance. Voila, production access to infrastructure is eliminated.
  • overdrive_1 16 hours ago
    We get lost in the configuration, and it feels like we spend more time configuring than doing our actual tasks. We have Okta, but that is only limited to SaaS apps. For infra, we couldn't find anything useful and easy to use.
    • awaisras 16 hours ago
      Surprisingly, the founder also had a similar issue. He said they barely had enough time to go through the configuration guides, and the engineers he had were focusing so much on the core product and its auth that they could not handle the internal workflows.