
Ask HN: How are teams sharing secrets? - ChartsNGraffs
What's the best way your team has found to manage secrets for things like db passwords, admin login credentials, etc.?
======
mtmail
94 comments on similar discussion two weeks ago

Ask HN: How are credentials managed at your company?
[https://news.ycombinator.com/item?id=12396883](https://news.ycombinator.com/item?id=12396883)

------
marvel_boy
Instead of requiring only a password, it is better to use Two-Factor
authentication.

~~~
tptacek
2FA doesn't work so great for Postgres.

~~~
anarazel
You can do stuff with gssapi / kerberos. Or, if you consider that 2FA, you can
use client certificates in addition to passwords. Interactive 2FA probably imo
doesn't make that much sense for a database.

~~~
tptacek
Yep, that's what I'm trying to say. :)

The "team secret sharing problem" usually refers to "how do we manage all the
API and backend secrets we need to deploy and test a new instance, without
having everyone shlepping them around on their dev laptops, and without ending
up in a mode where the loss of one server equates to the loss of every instance
in the environment."

~~~
anarazel
Well, kerberos isn't a bad answer for that. But it's way too annoying to set
up :/

