This page records where credentials live and who has access. It never
contains passwords, API keys, tokens, recovery codes, or card numbers. The
handbook is behind Cloudflare Access, but the rule still holds: the moment
secrets live in a docs file they leak into git history and backups. Put the
secrets in a password manager; put the pointer here.
For a 2-person company this is the highest-value continuity page. If one person
is permanently unavailable, this is how the other keeps the business running.
Which password manager does TILT use? _______
Who has access to the shared vault? _______
Is there an emergency-access / inheritance mechanism configured so the other
person can get in if one is unavailable? _______
Where is the master-password recovery method recorded for each person?
bot/plan.md provisionally decided: “Megan owns primary, Justin has admin
access on each, password in a shared password manager.” Confirm that is the
real arrangement and that it actually covers every account below.
For each account: who owns it, who else can access it, whether 2FA is on and
where the 2FA recovery codes live (pointer), and whether it is in the shared
vault. Fill from the Vendor register list.
Record at minimum:
Domain registrar (highest-stakes account; losing it loses the domain)
Cloudflare (DNS, Workers, and the Access policy for this very handbook)
WordPress admin + the WordPress host control panel
GitHub (Arishawke/TILT_Website) - note this is a personal GitHub account
Google: Ads, Analytics/GTM, Search Console, Workspace/email
Payment gateway + Easy Digital Downloads
Plugin/license accounts: Divi/Elegant Themes, WPForms, Rank Math, Imagify,
Wordfence
Provider accounts for the rent tool: HUD USER, RentCast
Bot platform accounts: Claude Pro, ChatGPT Plus, Google AI Pro
The business bank and any card used for the subscriptions above
justin@tiltanalytics.com mailbox (it is the support and routing address;
losing access to it breaks support and 2FA recovery for other accounts)