This Access Control Policy defines which Sourcegraph employees have access to each production asset and under which conditions. It is not in scope to define how to enforce these policies. It targets the Cloud product (formerly known as Managed Instances), running single-tenant Sourcegraph instances Docker Compose instances on GCP (later to be substituted by Kubernetes deployments on GKE).
This document is divided in sections:
Each section has a desired end-state and the current state. The desired end-state targets customers with elevated security standards along with providing us more fine-grained access control options.
The policy also differentiates customer instances from instances used internally by Sourcegraph. Customer instances are all Cloud instances containing customer data (customer.sourcegraph.com) and trial instances. These instances have higher security scrutiny. Sourcegraph instances are:
Access logs will be collected and audited, increasingly for higher levels of access. Defining the logging and alerting methods is out-of-scope for this policy. We are also not considering sharing logs with customers at this time.
Note: Approval processes for elevated access (referenced throughout this doc) will be documented by Security and Tech Ops. The teams are currently evaluating tooling to improve this process.
GCP services (GKE, Cloud SQL, etc) and Cloudflare.