Skip to main content

Step 2: Request Access

Now that you have your key pairs, you will submit a pull request including those keys and your HMCTS email to get the access you need.

Access the Setup Repository

https://www.github.com/hmcts/cpp-terraform-azurerm-azuread

You would have already pulled this repository in earlier step if you used the self-service scripts to generate your keys.

It contains the user access configuration and detailed guidance on the access request process.

Prepare Your PR

Before creating your pull request, gather:

✓ Your GPG public key (from Step 1)

✓ Your SSH public key (from Step 1)

✓ Your team name (ask your colleagues which team you should join)

Add your user to configuration

Configuration for each user is stored within:

  • vars/nonlive/*-users.tfvars files for non-live tenant
  • vars/live/*-users.tfvars files for live tenant

If you need access to both, add yourself to both a non-live and a live team file.

Here is an example of adding a new user to backend developers team in non-live tenant:

vars/nonlive/backend_dev-users.tfvars

{
  user_principal_name = "<demo.user>@hmctsnonlive.onmicrosoft.com"
  display_name        = "Demo user"
  account_enabled     = true
  imported            = false
  initial_setup_info = {
    parent_email       = "demo.user@justice.gov.uk"
    ssh_b64_public_key = "<contents of your ssh-key.pub.b64 from Step 1>"
    gpg_b64_public_key = "<contents of your your-pub-key.asc.b64 from Step 1>"
  }
  job_title = "Your job title"
},

⚠️ Make sure you have your manager approval before requesting access.

Create the Pull Request

  1. Create a new branch: 
git checkout -b onboarding/add-user-[your-name]
  1. Commit your changes:
git add . && git commit -m "Add user access: [your name]"
  1. Push to remote: 
git push origin onboarding/add-user-[your-name]
  1. Create the PR in GitHub with title: 
Add user access: [your name]

Further Guidance

The configuration repository README contains more guidance and some more in-depth information.

Summary Checklist

Base64 encoded public keys and your email added to correct *-users.tfvars file

PR created with clear description

Next step: Step 3: Get Approved

← Back to onboarding overview

This page was last reviewed on 9 December 2025. It needs to be reviewed again on 9 June 2026 by the page owner platops-build-notices .
This page was set to be reviewed before 9 June 2026 by the page owner platops-build-notices. This might mean the content is out of date.