

What to do about shared passwords? - andre

how do you handle usernames/passwords/api keys across a department/company?<p>I'm talking about passwords that many people need access to, such as vendors/partners that give you only one u/p for entire company. or server login infos.<p>do you put in a text file on a network?  intranet?who's in charge of them? custom database? some program that I'm not aware of?
======
sblom
One thing I've done before is create a truecrypt volume that a privileged few
folks have the passphrase to unlock. Inside the truecrypt volume, we had a
text file with username/passwords and other notes. Additionally, we had
folders within the volume that kept our company's SSL certificates and other
critical security secrets.

That only works in when the secrets need to be shared among a very few people.
When more people are involved it gets very very difficult to segment out who
has access to what.

