Decision
Approved for calendar year 2026: Apple Passwords is Cloudberrie Studio India LLP’s credential manager while infrastructure access is administered by a very small number of authorized people.
All company credentials, passkeys, recovery codes, and secure account notes must be stored in Apple Passwords. Plain-text copies in email, chat, spreadsheets, unprotected notes, screenshots, or source repositories are prohibited.
Scope
InfrastructureCloudflare, GitHub, Firebase, domain registrar, Apple Developer, Google Play and future cloud providers.
OperationsGoogle Workspace administration, Meta Business, LinkedIn, YouTube, Canva, OpenAI and vendor portals.
RecoveryMFA backup codes, recovery contacts, account creation date and authenticator method.
SecretsAPI credentials and webhook secrets only when the platform does not offer a dedicated secrets store.
Entry Naming Standard
Cloudberrie - Cloudflare
Cloudberrie - GitHub
Cloudberrie - Google Workspace
Cloudberrie - Firebase
Cloudberrie - Domain Registrar
Cloudberrie - Apple Developer
Cloudberrie - Meta BusinessUse the service name, not an individual employee’s name, for company platform credentials.
Required Entry Contents
| Field | Requirement |
|---|---|
| Website | Official sign-in URL |
| Username | Exact login identity, such as accounts@cloudberrie.com |
| Password or passkey | Generated strong credential or saved passkey |
| Notes | Legal owner, MFA status, authenticator, creation date, recovery-code date and exceptional setup information |
| Recovery codes | Store in the same protected entry or a clearly linked protected entry |
Cloudflare Example
Title: Cloudberrie - Cloudflare
Website: https://dash.cloudflare.com
Username: accounts@cloudberrie.com
Notes:
Owner: Cloudberrie Studio India LLP
Infrastructure timezone: UTC
MFA: Enabled
Recovery codes stored: 2026-07-17
Account state at creation: No domains, Pages projects, Workers, R2, D1 or billing resourcesProhibited Storage
- Unprotected Apple Notes or text files
- Google Docs, Word files, spreadsheets or the Cloudberrie Manual
- Email, WhatsApp, Slack or social direct messages
- GitHub repositories, committed configuration files or screenshots
- Browser downloads left indefinitely in Downloads
Review and Migration Trigger
The standard will be reviewed in January 2027. Review earlier if any of these occurs:
- Three or more employees require access to shared company credentials.
- Separate role-based vaults or audit logs are required.
- Credential sharing becomes recurring.
- Offboarding requires centralized revocation.
- A client, insurer, regulator or contract requires business-grade credential governance.
The preferred product for formal evaluation is 1Password Business; the selection remains subject to cost, administration and security review.