DEV Community: John Lund-Molfese The latest articles on DEV Community by John Lund-Molfese (@johnlm). https://dev.to/johnlm https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F445691%2F16bd057b-cf6e-41f4-8c8c-af107382182c.jpg DEV Community: John Lund-Molfese https://dev.to/johnlm en Automated Secret Retrieval Using Hashicorp Vault John Lund-Molfese Sun, 22 May 2022 14:21:55 +0000 https://dev.to/johnlm/automated-secret-retrieval-using-hashicorp-vault-dgo https://dev.to/johnlm/automated-secret-retrieval-using-hashicorp-vault-dgo <h4> Prerequisites: </h4> <ul> <li>A Vault path, with your secrets your project can use</li> <li>A <a href="https://www.vaultproject.io/docs/auth/userpass">username and password</a> to access your Vault secrets (or an alternative method of authentication)</li> <li>A basic <a href="https://spring.io/guides/gs/spring-boot/">Spring Boot project</a>.</li> </ul> <p>There's a lot of good <a href="https://spring.io/guides/gs/vault-config/">documentation</a> on using the Vault CLI to automatically retrieve secrets and inject them into a Spring application at runtime. This saves time, because you don't have to manually enter them into a Spring properties file, and improves security by making it harder to accidentally commit credentials. But what if you aren't able to install the Vault CLI, or want to minimize the number of external dependencies your application requires users to install?</p> <p>Another option is to use <a href="https://www.vaultproject.io/api">Vault's HTTP API</a>, which provides similar functionality. In this example, we'll pretend we have an application that calls another API using a username and password we retrieve from Vault.</p> <p>This guide will first detail how to retrieve secrets from your Vault path, then how to make them available while your application is running. This code was tested using Java 8, but should work for earlier and later versions.</p> <h4> Retrieving Secrets at Runtime </h4> <p>Let's start by creating a helper class to retrieve all the secrets in a Vault path as a <code>java.util.Properties</code> object we can inject into the application later. You can create this file in any package, for example, <code>main/java/org.john.example/config/VaultRetrievalUtil.java</code> .<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">org.john.example.config</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.http.*</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">com.fasterxml.jackson.databind.JsonNode</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.web.client.RestTemplate</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.net.URI</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.*</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">VaultRetrievalUtil</span><span class="o">{</span> <span class="nc">RestTemplate</span> <span class="n">restTemplate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RestTemplate</span><span class="o">();</span> <span class="o">}</span> </code></pre> </div> <p>The first method we'll write will consume our Vault credentials to retrieve a client token, which is required to access the Vault API. We need to escape quotes in the JSON request body.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="kd">private</span> <span class="nc">String</span> <span class="nf">retrieveVaultClientToken</span><span class="o">(</span><span class="nc">String</span> <span class="n">vaultUsername</span><span class="o">,</span> <span class="nc">String</span> <span class="n">vaultPassword</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">requestBody</span> <span class="o">=</span> <span class="s">"{\\"</span><span class="n">password</span><span class="err">\</span><span class="s">":\\"" + vaultPassword + "</span><span class="err">\</span><span class="s">"}"</span><span class="o">;</span> <span class="no">URI</span> <span class="n">vaultLoginUri</span> <span class="o">=</span> <span class="no">URI</span><span class="o">.</span><span class="na">create</span><span class="o">(</span><span class="s">"https://vault.mywebsite.com:8200/v1/auth/ldap/login/"</span> <span class="o">+</span> <span class="n">vaultUsername</span><span class="o">);</span> <span class="nc">RequestEntity</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">requestEntity</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RequestEntity</span><span class="o">&lt;&gt;(</span><span class="n">requestBody</span><span class="o">,</span> <span class="nc">HttpMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="n">vaultLoginUri</span><span class="o">);</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">JsonNode</span><span class="o">&gt;</span> <span class="n">responseEntity</span> <span class="o">=</span> <span class="n">restTemplate</span><span class="o">.</span><span class="na">exchange</span><span class="o">(</span><span class="n">requestEntity</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="k">return</span> <span class="nc">Objects</span><span class="o">.</span><span class="na">requireNonNull</span><span class="o">(</span><span class="n">respone</span><span class="o">.</span><span class="na">getBody</span><span class="o">()).</span><span class="na">get</span><span class="o">(</span><span class="s">"auth"</span><span class="o">).</span><span class="na">get</span><span class="o">(</span><span class="s">"client_token"</span><span class="o">).</span><span class="na">asText</span><span class="o">();</span> <span class="o">}</span> </code></pre> </div> <p>Once we have the token, we can write a method to retrieve the JSON object containing all our secrets in our Vault path.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="kd">private</span> <span class="nc">JsonNode</span> <span class="nf">retrieveVaultSecrets</span><span class="o">(</span><span class="nc">String</span> <span class="n">vaultClientToken</span><span class="o">)</span> <span class="o">{</span> <span class="no">URI</span> <span class="n">vaultSecretsPath</span> <span class="o">=</span> <span class="no">URI</span><span class="o">.</span><span class="na">create</span><span class="o">(</span><span class="s">"https://vault.mywebsite.com:8200/v1/mySecretsPath"</span><span class="o">)</span> <span class="nc">HttpHeaders</span> <span class="n">httpHeaders</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HttpHeaders</span><span class="o">();</span> <span class="n">headers</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="s">"X-Vault-Token"</span><span class="o">,</span> <span class="nc">Collections</span><span class="o">.</span><span class="na">singletonList</span><span class="o">(</span><span class="n">vaultToken</span><span class="o">));</span> <span class="nc">HttpEntity</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">requestEntity</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HttpEntity</span><span class="o">&lt;&gt;(</span><span class="kc">null</span><span class="o">,</span> <span class="n">httpHeaders</span><span class="o">);</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">JsonNode</span><span class="o">&gt;</span> <span class="n">responseEntity</span> <span class="o">=</span> <span class="n">restTemplate</span><span class="o">.</span><span class="na">exchange</span><span class="o">(</span><span class="n">vaultSecretsPath</span><span class="o">,</span> <span class="nc">HttpMethod</span><span class="o">.</span><span class="na">GET</span><span class="o">,</span> <span class="n">request</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="k">return</span> <span class="nc">Objects</span><span class="o">.</span><span class="na">requireNonNull</span><span class="o">(</span><span class="n">response</span><span class="o">.</span><span class="na">getBody</span><span class="o">()).</span><span class="na">get</span><span class="o">(</span><span class="s">"data"</span><span class="o">);</span> <span class="o">}</span> </code></pre> </div> <p>We're halfway there! But we can't use this JsonNode directly, we'll need to convert it to a <code>java.util.Properties</code> object next.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code> <span class="kd">private</span> <span class="nc">Properties</span> <span class="nf">convertSecretsToSpringProperties</span><span class="o">(</span><span class="nc">JsonNode</span> <span class="n">vaultSecrets</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Properties</span> <span class="n">properties</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Properties</span><span class="o">();</span> <span class="k">for</span><span class="o">(</span><span class="nc">Iterator</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">.</span><span class="na">Entry</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">&gt;&gt;</span> <span class="n">iterator</span> <span class="o">=</span> <span class="n">vaultSecrets</span><span class="o">.</span><span class="na">fields</span><span class="o">();</span> <span class="n">iterator</span><span class="o">.</span><span class="na">hasNext</span><span class="o">();){</span> <span class="nc">Map</span><span class="o">.</span><span class="na">Entry</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">&gt;</span> <span class="n">secret</span> <span class="o">=</span> <span class="n">iterator</span><span class="o">.</span><span class="na">next</span><span class="o">();</span> <span class="n">properties</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="n">secret</span><span class="o">.</span><span class="na">getKey</span><span class="o">(),</span> <span class="n">secret</span><span class="o">.</span><span class="na">getValue</span><span class="o">().</span><span class="na">textValue</span><span class="o">());</span> <span class="o">}</span> <span class="k">return</span> <span class="n">properties</span><span class="o">;</span> <span class="o">}</span> </code></pre> </div> <p>Let's put it all together now and write a public method for our other classes to use. In the code below, we're assuming we've set the environment variables myVaultUsername and myVaultPassword with our vault username and password.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">org.john.example.config</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.http.*</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">com.fasterxml.jackson.databind.JsonNode</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.web.client.RestTemplate</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.net.URI</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">java.util.*</span><span class="o">;</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">VaultRetrievalUtil</span><span class="o">{</span> <span class="nc">RestTemplate</span> <span class="n">restTemplate</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RestTemplate</span><span class="o">();</span> <span class="kd">public</span> <span class="nc">Properties</span> <span class="nf">retrieveVaultProperties</span><span class="o">(){</span> <span class="nc">String</span> <span class="n">vaultUsername</span> <span class="o">=</span> <span class="nc">System</span><span class="o">.</span><span class="na">getenv</span><span class="o">(</span><span class="s">"myVaultUsername"</span><span class="o">);</span> <span class="nc">String</span> <span class="n">vaultPassword</span> <span class="o">=</span> <span class="nc">System</span><span class="o">.</span><span class="na">getenv</span><span class="o">(</span><span class="s">"myVaultPassword"</span><span class="o">);</span> <span class="k">if</span><span class="o">(</span><span class="n">vaultUsername</span> <span class="o">!=</span> <span class="kc">null</span> <span class="o">&amp;&amp;</span> <span class="n">vaultPassword</span> <span class="o">!=</span> <span class="kc">null</span><span class="o">){</span> <span class="nc">String</span> <span class="n">vaultClientToken</span> <span class="o">=</span> <span class="n">retrieveVaultClientToken</span><span class="o">(</span><span class="n">vaultUsername</span><span class="o">,</span> <span class="n">vaultPassword</span><span class="o">);</span> <span class="nc">JsonNode</span> <span class="n">vaultSecrets</span> <span class="o">=</span> <span class="n">retrieveVaultSecrets</span><span class="o">(</span><span class="n">vaultClientToken</span><span class="o">);</span> <span class="k">return</span> <span class="nf">convertSecretsToSpringProperties</span><span class="o">(</span><span class="n">vaultSecrets</span><span class="o">);</span> <span class="o">}</span> <span class="k">else</span><span class="o">{</span> <span class="cm">/* Assuming if these credentials are not set, the user doesn't need credentials from Vault. Alternatively, we could throw an exception if they're required for the application to work. */</span> <span class="k">return</span> <span class="k">new</span> <span class="nf">Properties</span><span class="o">();</span> <span class="o">}</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">String</span> <span class="nf">retrieveVaultClientToken</span><span class="o">(</span><span class="nc">String</span> <span class="n">vaultUsername</span><span class="o">,</span> <span class="nc">String</span> <span class="n">vaultPassword</span><span class="o">)</span> <span class="o">{</span> <span class="nc">String</span> <span class="n">requestBody</span> <span class="o">=</span> <span class="s">"{\\"</span><span class="n">password</span><span class="err">\</span><span class="s">":\\"" + vaultPassword + "</span><span class="err">\</span><span class="s">"}"</span><span class="o">;</span> <span class="no">URI</span> <span class="n">vaultLoginUri</span> <span class="o">=</span> <span class="no">URI</span><span class="o">.</span><span class="na">create</span><span class="o">(</span><span class="s">"https://vault.mywebsite.com:8200/v1/auth/ldap/login/"</span> <span class="o">+</span> <span class="n">vaultUsername</span><span class="o">);</span> <span class="nc">RequestEntity</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">requestEntity</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">RequestEntity</span><span class="o">&lt;&gt;(</span><span class="n">requestBody</span><span class="o">,</span> <span class="nc">HttpMethod</span><span class="o">.</span><span class="na">POST</span><span class="o">,</span> <span class="n">vaultLoginUri</span><span class="o">);</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">JsonNode</span><span class="o">&gt;</span> <span class="n">responseEntity</span> <span class="o">=</span> <span class="n">restTemplate</span><span class="o">.</span><span class="na">exchange</span><span class="o">(</span><span class="n">requestEntity</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="k">return</span> <span class="nc">Objects</span><span class="o">.</span><span class="na">requireNonNull</span><span class="o">(</span><span class="n">respone</span><span class="o">.</span><span class="na">getBody</span><span class="o">()).</span><span class="na">get</span><span class="o">(</span><span class="s">"auth"</span><span class="o">).</span><span class="na">get</span><span class="o">(</span><span class="s">"client_token"</span><span class="o">).</span><span class="na">asText</span><span class="o">();</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">JsonNode</span> <span class="nf">retrieveVaultSecrets</span><span class="o">(</span><span class="nc">String</span> <span class="n">vaultClientToken</span><span class="o">)</span> <span class="o">{</span> <span class="no">URI</span> <span class="n">vaultSecretsPath</span> <span class="o">=</span> <span class="no">URI</span><span class="o">.</span><span class="na">create</span><span class="o">(</span><span class="s">"https://vault.mywebsite.com:8200/v1/mySecretsPath"</span><span class="o">)</span> <span class="nc">HttpHeaders</span> <span class="n">httpHeaders</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HttpHeaders</span><span class="o">();</span> <span class="n">headers</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="s">"X-Vault-Token"</span><span class="o">,</span> <span class="nc">Collections</span><span class="o">.</span><span class="na">singletonList</span><span class="o">(</span><span class="n">vaultToken</span><span class="o">));</span> <span class="nc">HttpEntity</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">&gt;</span> <span class="n">requestEntity</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">HttpEntity</span><span class="o">&lt;&gt;(</span><span class="kc">null</span><span class="o">,</span> <span class="n">httpHeaders</span><span class="o">);</span> <span class="nc">ResponseEntity</span><span class="o">&lt;</span><span class="nc">JsonNode</span><span class="o">&gt;</span> <span class="n">responseEntity</span> <span class="o">=</span> <span class="n">restTemplate</span><span class="o">.</span><span class="na">exchange</span><span class="o">(</span><span class="n">vaultSecretsPath</span><span class="o">,</span> <span class="nc">HttpMethod</span><span class="o">.</span><span class="na">GET</span><span class="o">,</span> <span class="n">request</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="k">return</span> <span class="nc">Objects</span><span class="o">.</span><span class="na">requireNonNull</span><span class="o">(</span><span class="n">response</span><span class="o">.</span><span class="na">getBody</span><span class="o">()).</span><span class="na">get</span><span class="o">(</span><span class="s">"data"</span><span class="o">);</span> <span class="o">}</span> <span class="kd">private</span> <span class="nc">Properties</span> <span class="nf">convertSecretsToSpringProperties</span><span class="o">(</span><span class="nc">JsonNode</span> <span class="n">vaultSecrets</span><span class="o">)</span> <span class="o">{</span> <span class="nc">Properties</span> <span class="n">properties</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Properties</span><span class="o">();</span> <span class="k">for</span><span class="o">(</span><span class="nc">Iterator</span><span class="o">&lt;</span><span class="nc">Map</span><span class="o">.</span><span class="na">Entry</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">&gt;&gt;</span> <span class="n">iterator</span> <span class="o">=</span> <span class="n">vaultSecrets</span><span class="o">.</span><span class="na">fields</span><span class="o">();</span> <span class="n">iterator</span><span class="o">.</span><span class="na">hasNext</span><span class="o">();){</span> <span class="nc">Map</span><span class="o">.</span><span class="na">Entry</span><span class="o">&lt;</span><span class="nc">String</span><span class="o">,</span> <span class="nc">JsonNode</span><span class="o">&gt;</span> <span class="n">secret</span> <span class="o">=</span> <span class="n">iterator</span><span class="o">.</span><span class="na">next</span><span class="o">();</span> <span class="n">properties</span><span class="o">.</span><span class="na">put</span><span class="o">(</span><span class="n">secret</span><span class="o">.</span><span class="na">getKey</span><span class="o">(),</span> <span class="n">secret</span><span class="o">.</span><span class="na">getValue</span><span class="o">().</span><span class="na">textValue</span><span class="o">());</span> <span class="o">}</span> <span class="k">return</span> <span class="n">properties</span><span class="o">;</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>That's it for now! Next we'll inject these properties into our application</p> <h4> Injecting Spring properties into our application </h4> <p>This part is simple, we'll create an instance of our VaultRetrievalUtil, then set the properties we retrieve from that class as the defaults in our main class. This means they can still be overridden if the user specifically chooses to define them elsewhere.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kn">package</span> <span class="nn">org.john.example</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.boot.SpringApplication</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.boot.autoconfigure.SpringBootApplication</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.springframework.cache.annotation.EnableCaching</span><span class="o">;</span> <span class="kn">import</span> <span class="nn">org.john.example.config.VaultRetrievalUtil</span><span class="o">;</span> <span class="nd">@SpringBootApplication</span> <span class="kd">public</span> <span class="kd">class</span> <span class="nc">Application</span><span class="o">{</span> <span class="kd">public</span> <span class="kd">static</span> <span class="kt">void</span> <span class="nf">main</span><span class="o">(</span><span class="nc">String</span><span class="o">[]</span> <span class="n">args</span><span class="o">){</span> <span class="nc">VaultRetrievalUtil</span> <span class="n">vaultRetrievalUtil</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">VaultRetrievalUtil</span><span class="o">();</span> <span class="nc">SpringApplication</span> <span class="n">application</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">SpringApplication</span><span class="o">(</span><span class="nc">Application</span><span class="o">.</span><span class="na">class</span><span class="o">);</span> <span class="n">application</span><span class="o">.</span><span class="na">setDefaultProperties</span><span class="o">(</span><span class="n">vaultRetrievalUtil</span><span class="o">.</span><span class="na">retrieveVaultProperties</span><span class="o">());</span> <span class="n">application</span><span class="o">.</span><span class="na">run</span><span class="o">(</span><span class="n">args</span><span class="o">);</span> <span class="o">}</span> <span class="o">}</span> </code></pre> </div> <p>That's it! All of the properties in our Vault path are now accessible while the application is running. You can retrieve them like any Spring properties now, for example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight java"><code><span class="kd">public</span> <span class="kd">class</span> <span class="nc">consumingClass</span><span class="o">{</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"usernameToCallAnotherApi"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">usernameToCallAnotherApi</span><span class="o">;</span> <span class="nd">@Value</span><span class="o">(</span><span class="s">"passwordToCallAnotherApi"</span><span class="o">)</span> <span class="kd">private</span> <span class="nc">String</span> <span class="n">passwordToCallAnotherApi</span><span class="o">;</span> <span class="o">...</span> <span class="o">}</span> </code></pre> </div> <h4> Conclusion </h4> <p>You probably don't want to use this solution exactly in a production environment because it's insecure, especially if anyone else has access to your server. But for use locally, it should be fine, and avoids the possibility of accidentally committing credentials to source control.</p> Video Calls on Distributed Teams John Lund-Molfese Sun, 22 May 2022 14:20:25 +0000 https://dev.to/johnlm/video-calls-on-distributed-teams-d0f https://dev.to/johnlm/video-calls-on-distributed-teams-d0f <h3> Sometimes we Need Video Calls </h3> <p>On a distributed team, it's generally best to default to <a href="https://xahteiwi.eu/resources/presentations/no-we-wont-have-a-video-call-for-that/">written communication</a> <br> when discussing matters of business value for a few reasons:</p> <ul> <li>Most forms of written communication (even chat!) externalize information. If you aren't able to attend at the time a video meeting is held, you're out of luck. Your voice won't be heard, and you won't be able to find what was discussed after the fact.</li> <li>Many decisions require information which isn't available at the time of a video meeting. Asynchronous communication empowers individuals to learn and contribute on their schedule and at their own pace, rather than worrying about holding everyone else up.</li> <li>Meetings have an outsized cost to software engineers and other people on the <a href="http://www.paulgraham.com/makersschedule.html">maker schedule</a>.</li> </ul> <p>Of course, there are exceptions. A public 1:1 meeting conducted on your company's internal wiki would be an interesting<br> experiment, but probably not the most comfortable or productive experience for anyone. Design thinking workshops with<br> stakeholders provide opportunities for iterating and clearing up misunderstandings rapidly when conducted over a video<br> call. Interviews with external candidates should probably be conducted over video calls, and the same thing for recurring<br> team meetings. There are many scenarios where a video call truly does make the most sense.</p> <p>Also, useful written communication is a skill like any other. Especially if you're new to the industry, or have recently<br> made the switch to a distributed team, you might be more comfortable with the face to face conversations which are more<br> typical of in-person jobs. If a new member of your team asks for a video call, it makes sense to meet them where they<br> are, and worry about best practices later on.</p> <h3> More Productive Video Calls </h3> <p>So, you're going to have some meetings. With that in mind, you should:</p> <ol> <li> <strong>Try</strong> to embrace written, public communication as a default where possible. <ol> <li>Most conversations shouldn't take place in direct messages, as they prevent others from providing feedback or finding the information in the future.</li> </ol> </li> <li> <strong>When</strong> a video call is necessary, schedule it ahead of time. <ol> <li>An anticipated interruption is better and more respectful than an unanticipated interruption.</li> </ol> </li> <li> <strong>Never</strong> send a bare meeting link without context, or initiate a video call without a heads up. <ol> <li>Sometimes you really do need an unscheduled, immediate meeting. These situations are very rare, and the dollar cost of delaying the meeting should have at least an extra zero in it compared to scheduling the meeting an hour in advance.</li> <li>If an immediate meeting is necessary, provide context to avoid "ambushing" the person you're inviting. By not providing context, you're implicitly stating that your time is significantly more valuable than theirs. This may or may not be true, but even if it is, it's best not to give that impression.</li> <li>On a distributed team, not everyone works on your schedule. You might not be doing anything at 3PM in your local time zone, but they might be eating lunch, putting their kids to bed, working heads down on a time-sensitive project, etc</li> </ol> </li> </ol>