Accounts & Access¶
Home / Onboarding / Accounts & Access
Every system you need access to, who owns it, and how to get provisioned. If something here is out of date or you can't get access, ping the owner listed in the table.
Owners to be filled in
The Owner column lists placeholders. Each system should have a named owner who can grant access and answer questions — fill these in as accounts are formalized.
Day-One Checklist¶
Work top to bottom. Most access is granted through Google Workspace SSO, so start there.
- [ ] Google Workspace account (
you@anvil.co) — email, Calendar, Drive. Created by: Owner. - [ ] Slack — request an invite; join your team channels.
- [ ] GitHub — added to the
anvil-coorganization and your team's repos. - [ ] Linear — added to the
machenitworkspace and your team. - [ ] 1Password / password manager — for any shared credentials (do not paste secrets in Slack).
- [ ] Workstation — provisioned per the Developer Workstations spec.
Systems Registry¶
| System | Used for | Access via | Owner |
|---|---|---|---|
| Google Workspace | Email, Calendar, Drive, SSO | IT provisioning | TBD |
| Slack | Team communication | Workspace invite | TBD |
GitHub (anvil-co) |
Source code, CI/CD | Org + repo invite | TBD |
Linear (machenit) |
Issue tracking, project planning | Workspace invite | TBD |
| Cloudflare | R2 storage, Pages hosting, Access/Zero Trust | Account invite | TBD |
| Supabase | Application database / backend | Project invite | TBD |
| Vercel | Frontend deployments | Team invite | TBD |
| Brex | Corporate cards, expenses | Finance invites | TBD |
| DocuSeal | Document signing | As needed | TBD |
Engineering Access¶
- R2 dataset bucket — the
mdsCLI authenticates with an API key scoped to themachenit-datasetbucket, stored in~/.mds/config.toml. See the dataset access & auth design for the token model. - Shared Windows debug machine — RDP access for ModuleWorks debugging; see Shared Windows Debug Machine.
- Wiki (this site) — gated behind Cloudflare Access (Google SSO). See Cloudflare Access.
Security Basics¶
- Never commit secrets. Use environment variables, GitHub Actions secrets, or the shared password manager.
- Enable 2FA on GitHub, Google, and any system that supports it.
- Scope credentials to the narrowest access that works (read-only where possible).
- Report a leaked or suspected-leaked credential immediately so it can be rotated.