
I'd be interested to hear the other side of this story, i.e. how frustrating and slow it must be for IT/devs to implement any change within that fortress?

Any Devops on HN to tell us about the last time they implemented a change on a Monzo API?




This is only for managing the most important secrets of all, which are kept offline in safes for most of the time. Development work just happens on regular MacBooks; I'm currently sat in my bedroom writing this, and I run this program / authored this blog post.

These sorts of precautions are pretty common at large companies; there's some good coverage of them generally here: https://en.wikipedia.org/wiki/Offline_root_certificate_autho...


It sounds like this is just for them to mint Root Certificates. I don't see how this elaborate ceremony would impact other aspects of development. It perhaps speaks to a very security-conscious development culture - and that can impact agility. But when you "move money" - that's a decent tradeoff.


Mint intermediate and root certs, more likely.


Mint roots, sign intermediate CSRs


Monzo engineer here. 99.99% of changes don't require key ceremonies. When they do, we can usually book them with a few days' notice. It's normally for things like onboarding big new systems and gets planned into a project from the beginning.

The people who implemented this process are the same type of "IT/devs" or "Devops" you mention. There isn't a whole lot of throwing things over the wall to Ops, or for that matter putting up arduous processes against "normal" engineers.


I work on a system that is air-gapped where we also maintain state and run ceremonies several times a week. It's a very different paradigm than the one we are used to as developers, where everything is always connected and online, but we found a way to smooth the process from a developer's point of view. However, sometimes doing something as simple as collecting logs can be a challenge.



