[BBLISA] Systems for Organizing Shared Secrets
Ben Eisenbraun
bene at klatsch.org
Thu Mar 27 21:35:50 EDT 2014
On Thu, Mar 27, 2014 at 09:22:27PM -0400, Neil Schelly wrote:
> * I'm looking for something that is akin to a multi-user KeePassX-like
> database that lets us have users authenticate to the database, get access
> to only the secrets they should see, and then be able to retrieve them or
> some artifact of them (like a calculated password hash instead of the
> actual password). Authentication should come from a human passing a
> 2-factor test, or some kind of pre-generated API key so that applications
> can access the credentials they may need.

We use LastPass Enterprise for this at my workplace.

For anything web-based, it's a really nice tool. The browser plugins are
generally excellent and the Android/iOS clients are decent. They
support 2-factor auth.

It's less polished for SSH keys and other types of shared secrets, but
it does let you share encrypted "notes", i.e. blocks of text suitable
for SSH/SSL keys and multiple access levels.

It also lets users store their individual per-user credentials, and it
encourages people to use long, unique, randomly generated passwords as
well as providing a general "score" on how good your passwords are. I
feel like that's a nice prod to encourage good password hygiene.

Some parts of the admin UI are slightly clunky, but generally I'm pretty
happy with it.

-ben
--
i propose we leave math to the machines and go play outside.
<calvin>