From e0bb404397ab9cae9e951af0bacdbe64d1e7ed09 Mon Sep 17 00:00:00 2001
From: Sarah Gibson <drsarahlgibson@gmail.com>
Date: Wed, 6 Dec 2023 12:18:51 +0000
Subject: [PATCH] Add documentation about regeneration deployer creds for SMCE
 accounts

---
 docs/hub-deployment-guide/new-cluster/smce.md | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/docs/hub-deployment-guide/new-cluster/smce.md b/docs/hub-deployment-guide/new-cluster/smce.md
index 5cc1d5c98b..0cc447fba2 100644
--- a/docs/hub-deployment-guide/new-cluster/smce.md
+++ b/docs/hub-deployment-guide/new-cluster/smce.md
@@ -48,3 +48,19 @@ the `hub-continuous-deployer` user belongs to. It should *not* contain the user
 
 Once this exemption has been processed, you can continue as usual with deployment of the hub.
 
+## Preparing for routine regeneration of the `hub-continuous-deployer` access credentials
+
+The `hub-continuous-deployer` has an access key and secret associated with it, this is how it
+authenticates with AWS to perform actions. SMCE accounts have a 60 day password/access key
+regeneration policy and so we need to prepare to regularly regenerate this access key.
+
+We track which clusters have had their `hub-continuous-dpeloyer` access key regenerated
+and when in this issue <https://github.com/2i2c-org/infrastructure/issues/2434> which
+also includes the steps for regeneration. Make sure to add the new cluster to this issue.
+
+```{warning}
+We only receive **5 days notice** that a password/access key will expire via email!
+
+Also it is unclear who receives this email: all engineers or just the engineer who
+setup the cluster?
+```