[nycbug-talk] password repository

Okan Demirmen okan at demirmen.com
Wed Dec 30 14:35:44 EST 2009


On Wed 2009.12.30 at 13:02 -0500, nikolai wrote:
> > what do you all use, recommend, love, hate?
> >
> > what about "shared" repositories in environments where you have a bunch
> > of sysadmins, all of whom should be able to view/add/modify entries and
> > such?
> >
> > while this is off-BSD topic, i'm sure all of us have run into such a
> > question at some point.
> 
> I encrypt text file with passwords, etc. using openssl
> like 'openssl enc -bf -salt -in vault -out vault.bf'
> and check it into cvs. Of course people using/updating
> the file need to know the master password ...

so we do the same thing, bf and store the encrypted bits in our local
cvs tree.  issue here is of course the person changing it better not
mis-type the password when re-crypting and committing ;( this is the
thing i dislike about the approach.

truecrypt is analogous to disk/volume encrypting bits we already have in
bsd - but it doesn't help if this image is mounted on a server
somewhere..and say someone doesn't un-mount it after use...

the moving-into-complex solutions could revolve around a public/private
trust, such as pgp, with a series of wrappers to make it work for a
group of people..

i'm just shooting out ideas - curious to see how others handle this
type of stuff ;)

i'm aware of the tons of "commercial" and "complicated" stuff out there,
but i tend to stay away from those...

cheers,
okan
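
Added example, not part of the original message: one way to guard against the mistyped-password problem described above is to encrypt to a scratch file and replace the checked-in vault only if the result still decrypts with the password that opens the current one. Assumptions: `aes-256-cbc` with `-pbkdf2` (OpenSSL 1.1.1 or later) stands in for the thread's `-bf`, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes OpenSSL 1.1.1+ (-pbkdf2);
# aes-256-cbc replaces the thread's -bf; all names here are hypothetical.
umask 077    # scratch plaintext must not be readable by other users
VAULT_CIPHER="-aes-256-cbc -pbkdf2 -salt"

# vault_crypt MODE IN OUT PASSWORD   (MODE is -e or -d)
# The password is handed over in the environment, not on the command line.
vault_crypt() {
    VAULT_PW="$4" openssl enc "$1" $VAULT_CIPHER -pass env:VAULT_PW \
        -in "$2" -out "$3" 2>/dev/null
}

# vault_reseal VAULT_ENC NEW_PLAIN TEAM_PASS TYPED_PASS
# Replaces VAULT_ENC with NEW_PLAIN encrypted under TYPED_PASS, but only if
# the result still opens with TEAM_PASS, the password everyone else holds.
# Returns 0 on success, 2 if TEAM_PASS does not open VAULT_ENC,
# 1 if the new file fails the round trip, 3 on any other error.
vault_reseal() {
    vault_enc=$1 new_plain=$2 team_pass=$3 typed_pass=$4
    tmpdir=$(mktemp -d) || return 3
    rc=0
    # 1. The reference password must open the vault as it is checked in now.
    vault_crypt -d "$vault_enc" "$tmpdir/old.txt" "$team_pass" || rc=2
    # 2. Encrypt to a scratch file, never directly over the vault.
    if [ $rc -eq 0 ]; then
        vault_crypt -e "$new_plain" "$tmpdir/new.enc" "$typed_pass" || rc=3
    fi
    # 3. Round trip with the reference password and compare byte for byte.
    #    A mistyped password fails here, on bad padding or on cmp.
    if [ $rc -eq 0 ]; then
        vault_crypt -d "$tmpdir/new.enc" "$tmpdir/check.txt" "$team_pass" &&
            cmp -s "$new_plain" "$tmpdir/check.txt" || rc=1
    fi
    # 4. Only a verified file replaces the vault that gets committed.
    [ $rc -eq 0 ] && cp "$tmpdir/new.enc" "$vault_enc"
    rm -rf "$tmpdir"
    return $rc
}
```

A non-zero return leaves the vault file untouched, so a wrapper can run the commit only when `vault_reseal` returns 0.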


