Skip to content
This repository was archived by the owner on May 8, 2026. It is now read-only.

Initial draft for HCEP-b31e - 1Password for SecretOps on community projects #3

Closed
ajhalili2006 wants to merge 1 commit into from
Closed

Initial draft for HCEP-b31e - 1Password for SecretOps on community projects #3

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
52 changes: 52 additions & 0 deletions src/hcep/b31e.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
---
status: draft
type: Community Projects Operations
dateCreated: 2026-04-16
dateReceived: 2026-04-28
trackingIssue: https://github.com/hackclub-community/HCEP/issues/2
discussionsTo: https://github.com/hackclub-community/meta/discussions/6
authors: Andrei Jiroh Halili <andreijiroh@alumni.hackclub.community>
hide: [navigation]
---

# HCEP-b31e - 1Password for SecretOps on community projects

!!! warning "This is a work in progress"
We're publishing this draft for now as part of the HCEP review process and to provide additional context for the 1Password team in reviewing the Open-source Teams application. [See the tracking issue](https://github.com/hackclub-community/HCEP/issues/2) for updates.

## Summary

The Hack Club Community projects 1Password team account will be utilized as a SecretOps platform across Hack Club community projects on code forges such as GitHub and GitLab.com as well as for shared access to infrastructure such as service accounts and socials dedicated to the Hack Club community, including those under the Alumni Society project.

## Why 1Password?

While there are numerous options ranging from using the built-in secrets management on GitHub and GitLab to specialized tooling like [@motdotla](https://github.com/motdotla)’s (ex-HCB Engineer and creator of `dotenv`) [dotenvx](https://github.com/dotenvx/dotenvx) and [Doppler](https://doppler.com), we are going to use 1Password for both SecretOps in community projects as well as handling off access to community's socials to minimize the effects of the "bus factor of one" while adhering to best security practices in credential storage and sharing for teams.

### Addenum: why not Vaultwarden?

It may be obvious that the Hack Club community loves 1Password, even there’s a HCB perk that you can claim for those running a events and organizations fiscally-hosted on HCB can even apply for either non-profit discount or open-source teams plan ([see perk card from HCB dashboard screenshot](https://l4.dunkirk.sh/i/FvuhvP99szdc.webp) and [1Password-related issues/PRs in the HCB repo](https://github.com/hackclub/hcb/issues?q=1Password)).

## Account administrators

The initial team account administrators will be the GitHub organization owners of both [@hackclub-community](https://github.com/hackclub-community) and [@hackclub-alumni](https://github.com/hackclub-alumni) with Andrei Jiroh Halili being the initial team account owner. Team account ownership may be transferred to another Hack Clubber (either from HQ/HCB team or the wider community) with either no valid major misconduct reports or no active moderation actions (e.g. channel bans, slushes and community-wide bans) from the Conduct WG in the last 90 days while team access may be provisioned and revoked at will by the Team Owner, including assigning and unassigning administrative privileges.

## Requesting access

Anyone with a `@hackclub.com` (for Hack Club HQ and HCB staff) and `@alumni.hackclub.community` (for Alumni Society members) address may do a self-serve sign-up to the team account via [this invite link](https://hackclub-community.1password.com/teamjoin/invitation/DRKU67GCBBFYPP75ZXIEJGZVME). Note that account admins may review these self-serve sign-ups on occasional basis and may disable/remove accounts as needed to keep within the 10-member limit for team accounts.

### Programmatic access via Service Accounts

Anyone needing programmatic access to secrets dedicated for community projects use through 1Password Service Accounts for use in the [1Password CLI](https://developer.1password.com/docs/cli) or [SDK](https://developer.1password.com/docs/sdks) may reach out the the [account administrators documented above](#account-administrators) for details on getting issued a service account. The requestor is responsible for keeping the service account tokens private and safe from abuse.

## License

CC0 1.0 Universal (CC0 1.0) Public Domain Dedication

To the extent possible under law, the authors of this document have waived all copyright and related or neighboring rights to this work.

## Citation

Please cite this document as:

Andrei Jiroh Halili <andreijiroh@alumni.hackclub.community>, “HCEP-b31e - 1Password for SecretOps on community projects," _Hack Club Enhancement Proposals_, April 2026. Available: https://hceps.hackclub.community/hcep/b31e