Secrets Management JTBDs - Meta Analysis
What’s this issue all about?
This issue will focus on the meta-analysis of https://gitlab.com/gitlab-org/ux-research/-/issues/1873 1740 user secrets topology deck and https://gitlab.com/gitlab-org/ux-research/-/issues/1909 in order to define and validate the JTBDs for the Secrets Management category.
💡 Research results
Changes to the secret management jobs to be done
Research insights
- Developers use GitLab CI/CD variables to store sensitive credentials because this lets them keep the credentials outside of code.
- In highly regulated environments, dynamic secrets, automatic secret rotation and secret expiration policies provide an additional layer of security.
- Developers expect sensitive credentials to be fully encrypted.
- Depending on the team structure, organization size and secret type, users want to choose between secret-based and identity-based access policies (such as IAM users, RBAC policies, policy-as-code).
- In addition to access policies, developers should be able to select between different permission levels such as read/write or read-only.
- For compliance reasons, organizations are required to keep audit logs of secrets usage and management.
- Engineers need to have insight into the status of the secrets, their usage, and any suspicious behavior.
- Engineers need a way to quickly update or rotate the secret in case there's been a vulnerability.
- When a secret is created or updated, the code using the secret needs to be updated appropriately.
- Engineers need a way to quickly roll back changes to a secret in case of unwanted changes or a vulnerability.
- Access requests for services are typically tracked in tickets or issues.
Research artifacts
Next steps
- Identify the remaining open questions and integrate them into upcoming research studies
- Prioritize the jobs to be done
Further details
Who is the target user of the feature?
- Platform Engineer
- DevOps Engineer
- Engineer
What questions are you trying to answer?
- What are the core JTBDs for Secrets Management?
Core questions
Additional questions
What hypotheses and/or assumptions do you have?
What decisions will you make based on the research findings?
- Define the JTBDs for Secrets Management
What's the latest milestone that the research will still be useful to you?
- 15.3
Edited by Nadia Sotnikova