A few years ago, I was helping a company get its secrets in order. There were secrets stored in Google Docs, in Chef, in git, in an OSX image stored in git, in email, in a file manually placed in a Jenkins instance somewhere near you. It helps to split out your solutions by common use cases rather than use one tool for everything, so here are 4 things that your org might need a safe and secure way to do (because odds are they aren't right now). Disclaimer: I have no affiliation with any of the companies mentioned below.
- Have a way of sharing credentials internally, including with non-technical users. Use something like LastPass Enterprise or 1Password Teams to share things like admin logins and billing credentials. These services also come with an extension for most browsers to auto-fill your passwords on all your sites, and you can still share them with groups.
  Things like database credentials aren't a great fit here; they belong closer to the machines that need to read them, where your engineers can interact with them.
- Have a way of securely storing & sharing sensitive files, including with non-technical users. LastPass lets you save files, which is perfectly fine for things like zips containing SSL certificates and that kinda thing. It's not a good fit for sending things like sensitive PDFs.
  Google Drive/Dropbox work up to a certain extent, but lack good auditing features to know which files were shared with which users. Egnyte & Accellion offer paid services for this particular type of use case (and you'd probably have compliance/regulatory requirements before you really need it).
- Have a safe way of sending secrets to someone else (not to a group). Some of your users will likely be sending secrets over Slack and then deleting the message - this is a terrible solution - but I'm also guilty of it - it's just too easy. onetimesecret.com is a useful site that lets you send secrets using a one-time use link (and they can have a passphrase, and expire too). Vault can do "response wrapping", which lets you share a secret without you ever seeing the secret - not very user-friendly, but more dev-friendly.
- Have a way of storing machine-facing credentials somewhere that's not on your computer. This is where tools like Vault or AWS Parameter Store make it super-easy if you're working in a cloud environment on a larger team. You can also go barebones and store them in git using git-crypt, or use AWS KMS to encrypt secrets locally. You can always use Encrypted Data Bags from Chef, Ansible Vault, or Puppet hiera-eyaml if you're using one of those config management systems.
The last thing is figuring out a decent authorization scheme so that you know who has access to what. That largely depends on how well you can define the "who", the different types of "access", and the "what": all the permutations of things people can have access to.
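The one-time link with a passphrase and an expiry described above comes down to three rules: the link token is unguessable, the first successful read burns the secret, and an expired secret is burned unread. This is an added example, not code from this post or from onetimesecret.com or Vault; `OneTimeSecretStore` and its parameters are hypothetical names, the store is in-memory, and the passphrase is only checked, not used to encrypt the secret.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional


class OneTimeSecretStore:
    """In-memory model of a one-time-link service (hypothetical, for illustration)."""

    def __init__(self, clock=time.monotonic):
        self._items = {}      # sha256(token) -> (secret, expiry, salt, passphrase check)
        self._clock = clock   # injectable so expiry can be tested without sleeping

    @staticmethod
    def _index(token: str) -> str:
        # Store only a hash of the link token, so a dump of the store yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def _kdf(passphrase: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)

    def put(self, secret: bytes, ttl: float, passphrase: Optional[str] = None) -> str:
        token = secrets.token_urlsafe(32)   # unguessable value that goes into the link
        salt = secrets.token_bytes(16)
        check = self._kdf(passphrase, salt) if passphrase is not None else None
        self._items[self._index(token)] = (secret, self._clock() + ttl, salt, check)
        return token

    def get(self, token: str, passphrase: Optional[str] = None) -> bytes:
        key = self._index(token)
        item = self._items.get(key)
        if item is None:
            # For the intended recipient this is the signal that someone else got there first.
            raise LookupError("unknown, expired or already read")
        secret, expires, salt, check = item
        if self._clock() >= expires:
            del self._items[key]            # expired: burn without revealing
            raise LookupError("unknown, expired or already read")
        if check is not None:
            supplied = self._kdf(passphrase or "", salt)
            if not hmac.compare_digest(check, supplied):
                raise PermissionError("wrong passphrase")   # secret stays unread
        del self._items[key]                # first successful read burns the secret
        return secret
```

Unlike a deleted chat message, a second read attempt fails here, so the intended recipient finds out if the link was opened before them.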