
Ask HN: How will you pass on secrets when you're gone? - stepbeek
Problem: As a freelance developer I end up managing secrets for clients. Things like encryption keys or login credentials are pretty common. I've begun wondering recently what would happen if I were to be hit by a bus - a totally normal, non-existential thought-process.

How do fellow Hacker News readers deal with this situation? I'm not super keen on passing off administrative access to non-technical stakeholders if I can help it, but I'm also not keen on being the SPOF for accessing an encrypted drive in the case that it's necessary. Or granting a successor admin privileges on a server.
======
myinitialsaretk
I hear you, I've been in the same situation.

I write very clear instructions in a Google Doc and share with multiple key
people at a client that sum up a high level of: Here's where all of your stuff
is. Here's what the next technical person would need to find and get access to
everything.

Then a USB key with all of their keyfiles. And a KeePass file with all of
their passwords. I keep a copy encrypted and saved for myself for the
inevitable 2 year later email of 'we lost access to everything.'

I've also put all of this info on a box not publicly accessible to the
internet, but in their VPC.

Basically, Dear Future Tech person - ssh in here and you can get all of the
instructions and access that you need.

~~~
stepbeek
> 2 year later email of 'we lost access to everything.'

This is my recurring fear. It's why I like the idea of making it difficult for
the client to gain this access because I'm hoping that a misplaced access
mechanism doesn't leave the system wide open.

~~~
myinitialsaretk
An agency I worked with handled this liability via a support contract.

It was structured as, pay us for N hours a month of retainer, we will keep
your servers patched and secured with updates and maintain all of your
credentials.

Otherwise, we don't want the liability of having access to all of your
systems, so we need to expire our access and hand it over to someone on your
team.

Sometimes the company had an IT dept that had no idea what to do with the
info, but would be in charge of keeping it. Or they would be happy to pay for
us to stay on top of things.

