# Developer Offboarding Guide # Developer Offboarding Guide > **Project:** {{PROJECT_NAME}} > **Version:** {{VERSION}} > **Date:** {{DATE}} > **Author:** {{AUTHOR}} > **Status:** Draft | In Review | Approved > **Reviewers:** {{REVIEWERS}} ## Document History | Version | Date | Author | Changes | |---------|------|--------|---------| | 0.1 | {{DATE}} | {{AUTHOR}} | Initial draft | --- ## 1. Offboarding Overview **Developer:** {{DEVELOPER_NAME}} **Last Day:** {{LAST_DAY}} **Manager:** {{MANAGER}} **Offboarding Coordinator:** {{COORDINATOR}} **Security Review:** {{SECURITY_REVIEWER}} **Departure type:** Voluntary / Involuntary **Handoff started:** {{HANDOFF_START}} **Access revocation deadline:** {{LAST_DAY}} by {{REVOCATION_TIME}} --- ## 2. Access Revocation Checklist ### Code & Version Control - [ ] **GitHub / GitLab** — remove from organization and all repositories - [ ] **SSH keys** — remove from all servers and deployment systems - `~/.ssh/authorized_keys` on servers - GitHub SSH keys: Settings > SSH and GPG keys - [ ] **GPG signing keys** — revoke from keyserver if used for commit signing - [ ] **Personal access tokens** — revoke all tokens in GitHub/GitLab settings - [ ] **Webhooks using personal token** — identified and updated to service account ### Cloud Infrastructure - [ ] **{{CLOUD_PROVIDER}} IAM** — remove user from all IAM groups and roles - [ ] **{{CLOUD_PROVIDER}} console access** — deactivate user account - [ ] **SSH keys on cloud instances** — remove from all EC2/GCE/VM authorized_keys - [ ] **Cloud access keys / credentials** — deactivate and delete ### CI/CD & DevOps - [ ] **{{CI_PLATFORM}}** — remove from organization (GitHub Actions / GitLab CI / CircleCI) - [ ] **Container registry** — remove push/pull credentials - [ ] **{{ARTIFACT_REGISTRY}}** — remove user access - [ ] **Kubernetes** — remove kubeconfig entries, remove from RBAC ### Secrets & Credentials - [ ] **{{VAULT_TOOL}} (HashiCorp Vault / 1Password / Vaultwarden)** — remove user, rotate any shared secrets they had access to - [ ] **All shared secrets/passwords known to the developer** — rotate immediately (DB passwords, API keys, etc.) - Database passwords: {{DB_CREDS}} - API keys accessed: {{API_KEYS}} - Any others: {{OTHER_CREDS}} - [ ] **Environment variables / .env files** — confirm no secrets taken/copied ### VPN & Network - [ ] **VPN** — revoke VPN certificate / remove user account - [ ] **Bastion host** — remove from authorized users - [ ] **IP allowlists** — remove their IP if personal device was allowlisted ### Third-Party Services - [ ] **{{SERVICE_1}}** (e.g., Sentry, Datadog, PagerDuty) — remove user - [ ] **{{SERVICE_2}}** (e.g., Slack, Jira, Confluence) — deactivate account - [ ] **{{SERVICE_3}}** (e.g., Stripe, AWS Marketplace) — remove user - [ ] **Email / Google Workspace** — deactivate account, set out-of-office, forward to manager - [ ] **Password manager (shared vaults)** — remove from shared vaults **Access revocation completion signed off by:** {{SECURITY_REVIEWER}} on {{DATE}} --- ## 3. Knowledge Transfer ### Active Projects & Ownership Transfer | Project / Area | Current Status | New Owner | Handoff Complete | |----------------|---------------|-----------|-----------------| | {{PROJECT_1}} | {{STATUS}} | {{NEW_OWNER}} | Yes / No | | {{PROJECT_2}} | {{STATUS}} | {{NEW_OWNER}} | Yes / No | | {{PROJECT_3}} | {{STATUS}} | {{NEW_OWNER}} | Yes / No | ### Ongoing Work Documentation | Work Item | Ticket | Status | Documentation | New Owner | |-----------|--------|--------|---------------|-----------| | {{WORK_1}} | {{TICKET}} | {{STATUS}} | {{LINK}} | {{OWNER}} | | {{WORK_2}} | {{TICKET}} | {{STATUS}} | {{LINK}} | {{OWNER}} | **Documentation written during knowledge transfer:** - [ ] All in-progress PRs reviewed and commented - [ ] Active branches documented and either merged or closed - [ ] Ongoing investigations/research notes written up - [ ] Architecture decisions currently being made: documented as ADRs - [ ] Pending operational tasks documented in runbooks ### Key Contacts & Relationships | Contact | Company / Role | Relationship | Transferred To | |---------|---------------|--------------|----------------| | {{CONTACT_1}} | {{ORG}} | {{RELATIONSHIP}} | {{NEW_OWNER}} | | {{CONTACT_2}} | {{ORG}} | {{RELATIONSHIP}} | {{NEW_OWNER}} | ### Undocumented Tribal Knowledge Capture **Knowledge transfer sessions scheduled:** | Topic | Date | Format | Notes Doc | |-------|------|--------|-----------| | {{TOPIC_1}} | {{DATE}} | 1:1 recording + notes | {{LINK}} | | {{TOPIC_2}} | {{DATE}} | Pair programming | {{LINK}} | **Capture questions to ask:** 1. What breaks in production that only you know how to fix? 2. What shortcuts or workarounds exist in the codebase that aren't documented? 3. What external services have non-obvious quirks? 4. What technical debt exists that you've been meaning to address? 5. Are there any upcoming risks or time bombs in the codebase? 6. Are there any informal agreements or commitments with stakeholders? --- ## 4. Code Ownership Transfer ### CODEOWNERS File Update ```bash # Review current CODEOWNERS cat CODEOWNERS | grep "{{DEVELOPER_HANDLE}}" # Replace with new owner(s) # CODEOWNERS update PR: {{PR_LINK}} ``` - [ ] CODEOWNERS file updated and PR merged - [ ] New owners briefed on their additional responsibilities ### PR Review Reassignment - [ ] Open PRs awaiting their review: reassigned to {{REVIEWER_REPLACEMENT}} - [ ] In-progress PR review responsibilities communicated to team ### On-Call Rotation - [ ] Removed from on-call rotation in {{ONCALL_TOOL}} - [ ] On-call schedule updated and communicated - [ ] On-call runbooks updated to remove their contact information --- ## 5. Asset Return | Asset | Serial / ID | Return By | Returned | Condition | |-------|-------------|-----------|---------|-----------| | Laptop | {{SERIAL}} | {{LAST_DAY}} | Yes / No | | | Monitor | {{SERIAL}} | {{LAST_DAY}} | Yes / No | | | Access card / badge | — | {{LAST_DAY}} | Yes / No | | | {{OTHER_ASSET}} | — | {{LAST_DAY}} | Yes / No | | **IT returns coordinator:** {{IT_CONTACT}} --- ## 6. Exit Interview Topics **Exit interview conducted by:** {{INTERVIEWER}} **Date:** {{DATE}} **Format:** {{FORMAT}} **Topics to cover:** - What did you enjoy most about working here? - What could we improve for future developers? - Were there any blockers or frustrations that weren't addressed? - What did you learn? What skills did you develop? - Would you recommend working here to others? Why / why not? - Any concerns about the team or codebase you want to flag before leaving? **Exit interview notes:** {{NOTES_LINK}} (confidential — manager access only) --- ## 7. Final Checklist Sign-Off ### Manager Sign-Off - [ ] All access revocation items completed - [ ] Knowledge transfer sessions completed - [ ] Code ownership transferred - [ ] All projects handed off with documentation - [ ] Assets returned - [ ] Exit interview conducted - [ ] Payroll and HR notified **Manager:** {{MANAGER}} | **Date:** {{DATE}} | **Signature:** ___________ ### Developer Sign-Off - [ ] All work documented and handed off - [ ] All personal assets retrieved (personal items, any personal accounts) - [ ] No company data retained on personal devices - [ ] Exit interview completed **Developer:** {{DEVELOPER_NAME}} | **Date:** {{DATE}} | **Signature:** ___________ ### Security Sign-Off - [ ] All access revocation items verified independently - [ ] Shared secrets rotated - [ ] Audit log reviewed for last 30 days — no anomalies **Security Reviewer:** {{SECURITY_REVIEWER}} | **Date:** {{DATE}} | **Signature:** ___________ --- ## Related Documents - [Developer Onboarding Guide](./developer-onboarding-guide.md) - [Coding Standards](./coding-standards.md) --- ## Approval | Role | Name | Date | Signature | |------|------|------|-----------| | Author | | | | | Reviewer | | | | | Approver | | | |