Appearance
Giving support teams safe device access
Support teams need device access. Shared account passwords are not a safe or scalable way to provide it.
Recommended approach
- Create a support team - separate from engineering and admin teams
- Scope device access - support sees customer production devices; engineering sees dev/staging
- Enable 2FA - require two-factor authentication on all accounts
- Use remote shell for diagnostics - avoid unnecessary public Wormhole exposure
- Review audit trails - periodically check who accessed which devices
What support should be able to do
- Find devices by customer or site tag
- Check online status and recent logs
- Open remote shell for diagnostics and service restarts
- Escalate to engineering with device context
What support should not do
- Share one login across the team
- Expose Wormhole services without application-level authentication
- Make configuration changes without documentation