> So JackDB also acts as an authentication provisioning front-end for a DBMS so users don't have to do that themselves and suffer the maintenance cost/overhead.
Yep. Couple of mouse clicks and a user no longer has access to one or more data sources (grants are role based). Similar effort for provisioning new users.
If the level of effort for a secure system is on par with emailing a password to a co-worker then people will actually use it. Plus with JackDB nobody other than the system admin even has the DB passwords so a normal user can't even send an email out if they wanted to.
> I'm curious, your VPC bastion; how do you make managing SSH keys scalable given that setup? And why not separate accounts which in fact help with keeping sane logs of who did what, and distribute the risk of compromise across several accounts?
At the moment things work for us as we're a very small team. Obviously something more scalable would be needed once you have a large number of people involved. The single proxy account is for convenience. That way the SSH keys to log into the other servers (accessible only through the bastion) can be shared. All servers (bastion included) log the public keys used to connect so we do have a trail of who/what/when. It would just be a bit more involved to filter it. Given our relatively small size it feels like a good tradeoff of security and convenience.
As we grow it's definitely something to (repeatedly) revisit, as is true about any security procedures.
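As an added example (not from the comment author or from JackDB) of the "bit more involved" filtering step described above: with a single shared proxy account, the only thing that ties a bastion login to a person is the key fingerprint sshd logs, so the script below attributes each accepted login to its owner via a hypothetical fingerprint-to-person inventory and flags keys that were never enrolled. The log excerpt is constructed in OpenSSH's "Accepted publickey" format.

```python
import re
from collections import defaultdict

# Constructed sample: sshd log lines on the bastion, all for the single
# shared proxy account "proxy" (the setup described in the comment).
SAMPLE_LOG = """\
Mar  3 09:12:01 bastion sshd[2140]: Accepted publickey for proxy from 203.0.113.7 port 50112 ssh2: ED25519 SHA256:AAAAexamplefingerprint1
Mar  3 09:15:44 bastion sshd[2201]: Accepted publickey for proxy from 203.0.113.9 port 50120 ssh2: RSA SHA256:BBBBexamplefingerprint2
Mar  3 09:20:10 bastion sshd[2250]: Accepted publickey for proxy from 198.51.100.4 port 50131 ssh2: ED25519 SHA256:CCCCunknownfingerprint
Mar  3 09:21:05 bastion sshd[2260]: Failed publickey for proxy from 198.51.100.4 port 50132 ssh2: RSA SHA256:DDDDrejected
"""

# Hypothetical inventory: which person each enrolled key fingerprint belongs to.
KEY_OWNERS = {
    "SHA256:AAAAexamplefingerprint1": "alice",
    "SHA256:BBBBexamplefingerprint2": "bob",
}

# Matches OpenSSH's successful public-key login message (LogLevel INFO).
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted publickey for (?P<account>\S+) from (?P<src>\S+) port \d+ ssh2: "
    r"(?P<ktype>\S+) (?P<fp>SHA256:\S+)$"
)

def attribute_logins(log_text, key_owners):
    """Return (logins, unknown): every accepted login with the person resolved
    from its key fingerprint, plus the subset whose key is not in the inventory."""
    logins, unknown = [], []
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed attempts and other sshd messages are skipped here
        rec = m.groupdict()
        rec["person"] = key_owners.get(rec["fp"])  # None if the key was never enrolled
        if rec["person"] is None:
            unknown.append(rec)
        logins.append(rec)
    return logins, unknown

def logins_per_person(logins):
    """Count logins by resolved person; unenrolled keys are grouped as UNKNOWN."""
    counts = defaultdict(int)
    for rec in logins:
        counts[rec["person"] or "UNKNOWN"] += 1
    return dict(counts)

if __name__ == "__main__":
    logins, unknown = attribute_logins(SAMPLE_LOG, KEY_OWNERS)
    for rec in logins:
        print(f'{rec["ts"]} {rec["host"]} account={rec["account"]} person={rec["person"]} from={rec["src"]}')
    print("unenrolled keys seen:", [u["fp"] for u in unknown])
```

The same parser runs unchanged against the per-server logs behind the bastion, so the who/what/when trail can be joined across hosts on the fingerprint.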