<div dir="ltr"><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 24, 2014 at 10:14 PM, Edward Ned Harvey (bblisa4) <span dir="ltr">&lt;<a href="mailto:bblisa4@nedharvey.com" target="_blank">bblisa4@nedharvey.com</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Are you looking for something like a secure cloud file sync application, like Google Drive or Dropbox, but *with security* and subfolders with ACLs on them and stuff like that? Or are you looking for something else?</blockquote>
</div><br>The more I look into this, the more I'm convinced I'm looking for two things. In my head, they are differing functions acting on the same kinds of secrets. There doesn't seem to be much overlap in the marketplace (commercial or FOSS) between these two types of systems though.</div>
<div class="gmail_extra">* I'm looking for something that is akin to a multi-user KeePassX-like database that lets us have users authenticate to the database, get access to only the secrets they should see, and then be able to retrieve them or some artifact of them (like a calculated password hash instead of the actual password). Authentication should come from a human passing a 2-factor test, or some kind of pre-generated API key so that applications can access the credentials they may need. </div>
<div class="gmail_extra">* I'm also looking for an SSL key management tool, letting users and systems generate keys according to their permissions without having to know the CA passphrase, possibly integrated with some sort of HSM to further the encryption generators and protection of the keys. OpenCA may be the solution here, but I haven't dug into it enough to really evaluate what it can offer above our current openssl-based scripts.</div>
<div class="gmail_extra"><br></div><div class="gmail_extra">-N</div></div>