New Hire Orientation

Welcome to Elastio! This chapter covers the steps you need to go through to on-board into the Engineering organization and begin to contribute code to our repos.

A reminder that this is a living document. If you find inaccurate or incomplete information or details that are simply missing, you must take action to improve the handbook by making a branch of this handbook's GitHub repo, making a change, and opening a PR.

Preparing for Onboarding

If you have time before your start day, consider doing some of this prep in advance. If not, you should work through these steps first thing in the morning on your first day:

  1. Complete all on-boarding paperwork with HR. If you're on-boarding in Ukraine, make sure you've signed all documents, including the Elastio IP Rights Assignment doc, before starting work. If you were not asked to sign this document, contact @anelson and let him know immediately.

  2. Install a TOTP-compatible token generating app on your phone. Most of the Elastio team use Aegis, but it's up to you what app you use. The only requirement is that it be on a smartphone, and NOT on your laptop or desktop computer. 2FA isn't really 2FA when the second factor is stored on the same computer where you enter the first factor!

  3. Install 1Password.

    IMPORTANT NOTE: The step here is "install", not "setup". In particular, do not try to set up an account with 1Password. Elastio have a corporate account, elastio.1password.com, to which you will be added on your first day. This preparation step is just to install these tools to prepare yourself for your Day 1 onboarding.

    How you do this depends on what OS you're running:

    1. Linux: Install the 1Password browser extension on Chrome or Firefox.

    2. Windows or macOS: Install the 1Password desktop application for Windows or macOS, and then the 1Password Classic (NOT "1Password", but "1Password Classic") browser extension.

    3. Mobile: Install the 1Password mobile app for Android or iOS. This will be useful regardless of which desktop OS you use, as a backup and when not at your desk.

  4. Disable your browser's automatic password saving feature. As a matter of policy, Elastio requires that all credentials to access our systems be stored securely in 1Password, and NOT in the Firefox or Chrome or Safari password managers. Either disable this feature entirely, or set up a separate Elastio profile in your browser of choice with password management disabled, and use this profile for all official Elastio work.

    This is very important for the security of our systems. Every engineer is responsible for the security of the account credentials assigned to them; you do not want a breach to be your responsibility!

  5. Think of or generate a unique, secure master password that you will use to access your Elastio 1Password account. Read about how to generate a strong master password, and if you need help coming up with password ideas use the 1Password secure generator. This is the only password you will need to remember, as all others will be stored in 1Password.

  6. If you are going to use your personal computer instead of an Elastio-provided system, make sure whole disk encryption is enabled. This is a requirement for any system where Elastio intellectual property is downloaded.

Day 1 Onboarding

  1. @anelson or some other manager will create an account for you on our team 1Password instance (elastio.1password.com). If you followed the prep instructions above, you have in mind a secure master passphrase already. If not, you're not off to a great start :) Go back and follow the preparation instructions!

    Once this account has been created, you'll receive an email invitation to your personal email address (US) or your Polytech email (Ukraine). Follow the instructions, and enter your master password when prompted.

    As part of this setup process an Emergency Kit PDF will be generated. Read about the emergency kit and place the PDF in a safe place in your personal cloud storage (for example, email it to yourself, save it in Dropbox, etc). Elastio management cannot recover this for you if you lose it.

    Once this account is set up, log in to it using the 1Password app on your desktop (Windows or macOS) or the 1Password browser extension in your browser (Linux), and also using the 1Password mobile app. Confirm everything works correctly before proceeding.

    At this point you should take some time to learn how to use 1Password. The intro video is a good starting point. When correctly installed and configured, 1Password will automatically offer to save passwords you type in a browser, and when filling out a form to create a new account it will offer to generate unique, secure passwords for every account.

    IMPORTANT NOTE: ALL credentials to access Elastio systems must be secured in 1Password and nowhere else. For systems where you are prompted to choose a password, always use 1Password to generate a secure, unique password.

  2. You will need a GitHub account to join the Elastio organization. You may use your existing personal account, or create a new one just for Elastio. Either way, you must generate a new secure password for your GitHub account, again using 1Password.

    You must also enable Two-factor authentication (2FA) on the GitHub account. Use the Aegis app on your phone to scan the QR code to start generating GitHub 2FA codes on your phone. GitHub will also offer you recovery codes, which are single-use passwords that can be used to access your account in the event you lose your 2FA token generator. These recovery codes must be stored in 1Password as well. We recommend storing them in the 'Notes' field for your GitHub account entry in 1Password.

    Be careful not to lose your recovery codes, as without them you'll be unable to log in to your GitHub account if you ever lose access to your phone. Also be careful to store the recovery codes only in 1Password and not on your local system where they are not secure.

  3. Now that 2FA is enabled, @anelson will add your GitHub account to the Elastio org. Confirm you can see the Elastio repos. Check out the elastio repo and verify you can build and run the solution by running cargo test. You will not be able to do this without installing some packages; see the README for details.

  4. If your job in Elastio will involve using SSH to connect to our systems, make sure you have at least one SSH public key associated with your GitHub account. If not, generate one with ssh-keygen. The password for this key pair should be, obviously, generated by and stored in 1Password.

  5. Adam will create a Google Workspace account for you, with a one-time-use password. Log in to GSuite with this temporary password, and use 1Password to generate a new password for GSuite. You need to enable 2FA on GSuite as well. Once again, use the Aegis app on your phone to add the GSuite account to Aegis and generate the initial 2FA token.

    NOTE: Google's fiendish attempts to force its paying customers to use their Google Prompt crapware have made it more difficult to on-board using 2FA. You'll have to coordinate this with @anelson, initially set up 2FA using SMS (which is not at all secure; thanks Google!), then once that's set up add another 2FA method via Aegis, and finally delete the SMS method. This is complicated and probably will require a screen share with @anelson.

  6. Now that you have an elastio.com email address, change your 1Password account to use this email address. Verify you can still access 1Password. @anelson can't do this; it has to be done within your 1Password login. You should see a "Change Email" option in the 1P UI on the left side of the screen when viewing your profile page.

  7. Congratulations! You're done with the initial on-boarding steps. Report to your mentor on Slack and start your job-specific on-boarding.
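
For the SSH key requirement in Day 1 step 4, the following is an added example (not Elastio tooling or part of the original handbook) that checks whether the private keys on your machine are actually passphrase-protected. The function names `key_is_protected` and `audit_ssh_dir` are hypothetical, and keys are assumed to live in `~/.ssh`.

```shell
#!/bin/sh
# Added example (not Elastio tooling): check that SSH private keys are
# passphrase-protected. Function names here are hypothetical.

# Exit status: 0 = key is passphrase-protected, 1 = key is stored unencrypted,
# 2 = not a private key, or it could not be parsed.
key_is_protected() {
    key=$1
    [ -r "$key" ] || return 2
    # Private keys written by ssh-keygen start with a "... PRIVATE KEY-----" header.
    head -n 1 "$key" | grep -q 'PRIVATE KEY-----' || return 2
    # -y derives the public key; -P '' supplies an empty passphrase so
    # ssh-keygen never prompts. Success means the key is NOT encrypted.
    err=$(ssh-keygen -y -P '' -f "$key" 2>&1 >/dev/null) && return 1
    case $err in
        *passphrase*) return 0 ;;   # wrong (empty) passphrase: key is encrypted
        *) return 2 ;;              # bad permissions, corrupt file, etc.
    esac
}

# Report every private key in a directory; succeed only if none is unprotected.
audit_ssh_dir() {
    dir=${1:-"$HOME/.ssh"}
    unprotected=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        rc=0
        key_is_protected "$f" || rc=$?
        case $rc in
            0) echo "ok           $f" ;;
            1) echo "UNPROTECTED  $f"; unprotected=$((unprotected + 1)) ;;
        esac
    done
    [ "$unprotected" -eq 0 ]
}

# To create a new key, let ssh-keygen prompt for the passphrase and paste the
# one generated in 1Password; passing it with -N would expose it in shell
# history and the process list:
#   ssh-keygen -t ed25519 -a 100 -C "your-comment" -f ~/.ssh/id_ed25519

if [ "${1:-}" = "--audit" ]; then
    audit_ssh_dir "${2:-$HOME/.ssh}"
fi
```

Run the script with `--audit` to scan `~/.ssh`; any key reported as UNPROTECTED can be given a passphrase in place with `ssh-keygen -p -f <keyfile>`.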