[BBLISA] Systems for Organizing Shared Secrets
Neil Schelly
neil at jenandneil.com
Thu Mar 27 21:22:27 EDT 2014
On Mon, Mar 24, 2014 at 10:14 PM, Edward Ned Harvey (bblisa4) <
bblisa4 at nedharvey.com> wrote:
> Are you looking for something like a secure cloud file sync application,
> like google drive or dropbox, but *with security* and subfolders with ACL's
> on them and stuff like that? Or are you looking for something else?
The more I look into this, the more I'm convinced I'm looking for two
things. In my head, they are differing functions acting on the same kinds
of secrets. There doesn't seem to be much overlap in the marketplace
(commercial or FOSS) between these two types of systems though.
* I'm looking for something the is akin to a multi-user KeePassX-like
database that lets us have users authenticate to the database, get access
to only the secrets they should see, and then be able to retrieve them or
some artifact of them (like a calculated password hash instead of the
actual password). Authentication should come from a human passing a
2-factor test, or some kind of pre-generated API key so that applications
can access the credentials they may need.
* I'm also looking for an SSL key management tool, letting users and
systems generate keys according to their permissions without having to know
the CA passphrase, possibly integrated with some sort of HSM to further the
encryption generators and protection of the keys. OpenCA may be the
solution here, but I haven't dug into enough to really evaluate what it can
offer above our current openssl-based scripts.
-N
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.bblisa.org/pipermail/bblisa/attachments/20140327/219e2453/attachment.html>
More information about the bblisa
mailing list