Login Handbook
Welcome to the Login.gov handbook! This is our open source team documentation!
Please help us contribute and keep things up to date, and make sure to avoid contributing sensitive information.
Team
Articles for the whole team
-
Login.gov Principles
Our mission and project principles -
Funding and Cost Recoverability
How Login.gov is funded and what it means -
GPO Designated Receiver
How we verify that USPS/GPO address verification is working as expected -
Glossary
Explanation of common terms, acronyms, and abbreviations -
Incident Response Checklist
Quick reference checklist for incident response -
PII Guidance
Guidance on safe handling of Personally Identifiable Information -
Reviews
Mid-Year and End-of-Year Self Review and Peer Feedback -
Services and Accounts
List of external services and logins to manage -
Slack
Groups and Channels -
Sprint Team Roles
List of our sprint team roles and responsibilities -
Sprint Teams
List of our sprint teams and the explanations behind their names
Handbook
About this handbook
-
Contributing to the Handbook
Guidelines for contributing to the handbook -
Template Page
An example article that you can copy
Product
Product and process
-
Definition of Done
Checklist for work to be done, and accepted via an Acceptance Thread -
Definition of Ready
Best practices for tracking issues in JIRA -
Sprint ceremonies
Overview of a scrum team’s regularly scheduled meetings
Development
Common Dev things across AppDev and DevOps
-
GitHub
Team code repos, permissions, notification strategies -
Troubleshooting Quick Reference
List of things to check to triage active issues in production
AppDev
-
AppDev Oncall
Responsibilities and runbook for AppDev oncall -
Bug Bounty Triage
How to handle bug bounty reports -
Contact Form Updating Instructions
Procedure for updating fields in the Help Center’s Contact Form -
Deploy Schedule for Automated Deploys
The daily deploy schedule for IDP, PKI and Dashboard in lower environments -
Deployer Rotation
Spreadsheet to track the AppDev Deployer -
Deploying new IDP and PKI code
Release Manager’s Guide for Production -
Deploying the Sample Apps
How to deploy oidc-sinatra and saml-sinatra to cloud.gov -
Engineering Design Doc Template
Template that can be copied for engineering proposals -
Environment Descriptions
Listing of environments and the differences between them, like prod, pt, dm, int or dev -
IAL2 Common Errors List
List of the most common IAL2 errors -
IDP Smoke Tests
Configuration and debugging for common issues -
Identity Proofing Testing
Tips and tricks for testing identity proofing (IAL2 accounts) including example fake phone numbers and example PII -
Key rotation guide
Guide for rotating secrets for the IdP and PKI codebases -
SAML: Annual Certificate Rotation
How to perform annual certificate rotation -
SAML: Development
High-level overview of the flow of SAML in the IDP code -
Secrets and Configuration
How to update IDP and Rails app configuration (feature flags) and secrets application.yml -
Translation process
Process and guidelines for localization and string translation (i18n) -
Troubleshooting OpenSSL Command Line Recipes
Commands for common certificate tasks, useful for PIV/CAC or AAMVA credentials -
Troubleshooting PIV/CAC logins and Managing Certificates
If somebody has trouble using their PIV/CAC with Login.gov, and also how to download new certificates from Certificate Authorities -
Troubleshooting expiring PIV/CAC certs
Guide on finding new certs if a cert is expiring -
Troubleshooting the IDP
Troubleshooting production exceptions and issues reported by customers -
Troubleshooting the Sandbox
Troubleshooting issues with the Login.gov sandbox/int environment -
Updating MaxMind GeoIP database
Instructions for updating our IP address geolocation database -
Updating Pwned Passwords Dataset
Instructions for updating Pwned Passwords dataset in s3 -
Windows Virtual Machine Setup
Setting up a Windows VM on your Mac so you can test Internet Explorer
Architecture
-
Background Jobs: Lambda (deprecated)
Overview of and launch checklist for our async Lambda workers -
Background Jobs: Proofing Ruby Workers
Overview and architecture of our proofing background jobs -
Background Jobs: RISC Ruby Workers
Overview and architecture of our RISC notification jobs -
IDP Artifacts
Overview of IDP artifact-building architecture -
IdP Static Assets CDN
Overview of use of CloudFront CDN to serve static assets -
Reporting Dashboard
Overview of reporting dashboard architecture for data.login.gov
Partnerships
-
Config PR review checklist
Data map for identity-idp-config YAML files to data sources (IAA GTCs and Orders, Dashboard, etc) -
Deploying a Partner Service Provider Config to Production
Process and procedures when deploying a partner service provider config to production -
Partner Support Ticket Handling
How to handle and track support requests from partners -
Provisioning Test IAL2 Users for Partners
The steps necessary to set up a collection of test users with IAL2 profiles for a partner in the sandbox.
Platform
-
AWS Accounts and IAM Groups/Roles
Private list of AWS accounts, roles, and groups for human users -
AWS IAM User/Group/Role/Account Configurations
Detailed information about our IAM configurations, and how to add/alter IAM components within our infrastructure. -
Acceptance Criteria for Infrastructure PRs/Issues
Detailed guide on how to file Issues and Pull Requests for the Login.gov Infrastructure Team. -
Baking New AWS AMI Images
Runbook for creating new Base and Rails AMI images -
Building a Personal Sandbox Environment
This is a guide to follow when you are standing up your own personal development environment, aka “sandbox” -
Custom Aliases/Functions for identity-devops Commands
Reference/runbook for the custom commands created via the login-alias script. -
Deploying Infrastructure Code
Runbook for the process of deploying code from 18f/identity-devops into our infrastructure. -
Email Routing
Inbound and outbound SMTP information -
External Services and Limits
Notes on rate- and cost-limited external services used by the IdP and our platform -
GitLab
GitLab Setup -
GitLab Environment Deploys
How to use GitLab to deploy your sandbox idp environments -
Infrastructure auto-terraform Runbook
How to use/manage/understand auto-terraform -
Load Testing Process
Process overview and instruction for performing load tests in AWS -
Making Changes via Terraform
This is a guide to the various terraform directories in identity-devops and how to use them -
Platform Disaster Runbooks
Recovering from really really bad stuff -
Platform On-Call Guide
Runbook/guide for processes/responsibilities for the on-call platform engineers. -
Platform Scaling
Runbooks for scaling out or up various resources in anticipation of or response to added load -
Platform Tips and Tricks
Helpful tips for AWS, Terraform, and other platform related tech -
Platform: Secrets!
List of configuration secrets and how to manage them -
Setting Up aws-vault
This runbook is for getting set up with, and using, aws-vault, a tool for providing easier access for cross-account role assumption. -
Team Radia Sprint Ceremonies
How Sprints and Standups operate
Reporting
-
Analytics Events
events.log structure and event descriptions -
Reporting Process
Reporting process for ad-hoc data requests, query requests and analyses -
Reporting Queries
Queries to run in the Rails console for common reporting questions
Security
-
Incident Response Guide
Security Incident Response Guide -
Vendor outage response process
What to do in the event of a 3rd party vendor outage.