Hacker Newsnew | comments | show | ask | jobs | submitlogin
Ask HN: How do you manage server side credentials?
11 points by reinhardt 854 days ago | 4 comments
At work we maintain passwords, keys and secrets for a few dozens internal and 3rd party services such as S3, Sendgrid, Xero and more. For most services we actually have at least two accounts, one being used exclusively on production. So far we have been been storing most credentials in plain text config files under version control but we are looking for something more secure in case the source code is compromised. Any suggestions?



Assuming its just data at rest? Use gpg. Encrypt your plaintext with all of the authorized users public keys. When someone joins few crypt with the new persons key. When they leave rotate creds and rencrypt minus their key. Keep the cipher text in VCS so you have change history and a light audit trail.

This method is very maintainable for a dozen or two users. I've never looked, but there's probably a management application built around this work flow as well.

-----


Storing in environment variables is a good practice.

Take a look at this: http://www.12factor.net/config

-----


One thing to be aware of when storing sensitive information in environment variables, is that it is possible to view the environment variables a process is using.

-----


I would recommend LastPass Entreprise (https://lastpass.com/enterprise_overview.php)

-----




Guidelines | FAQ | Support | API | Lists | Bookmarklet | DMCA | Y Combinator | Apply | Contact

Search: