DecisionUse dedicated accounts for service integrations
Service integrations that use personal accounts tie the function of the service with the person's engagement with the project.
Table Of Contents
Tying the normal operation of services to a person's engagement makes it more difficult for developers to roll off from a project successfully. It also increases risk of breaking the client's service integrations when developers don't remember to transition the integrations to another account.
Examples of these services include: GitHub, Circle CI, Tugboat, Jira, and Slack.
When integrating services together always use a dedicated account for the integration credentials instead of a person's individual account.
Depending on the client, valid implementations include:
- A dedicated email address and account per project or service, with credentials stored in a shared password manager. This e-mail address should be owned by the client i.e. not an
- A Slack email address (this can be obtained by going to
Channel Details / Integrations). Again, this should be an e-mail address owned by the client that won't disappear when Lullabot rolls off the project.
- For services that support it, a project access token (instead of a personal access token).
Don't use account aliases to register multiple bots for the same service like
email@example.com, as spam filtering on the service side is likely to block account creation.
Rolling off a person will not have a side-effect on continued operations. Automated actions in service integrations will not seem like they are performed by a person.
Andrew Berry, David Burns, Marcos Cano, Mateu Aguiló Bosch, Sally Young, Salvador Molina Moreno