11

Our company's small tech team works with several different servers, to which we connect with pem files. What is a good way of storing the pem files so that it can be accessed by other team members if necessary?

A (probably bad) example of how to fulfill this requirement: Place the files in a Google Drive folder with access restricted to tech team members and our supervisor.

PEM files should not be lost if, for example, a fire destroyed all our workstations simultaneously.

juuga
  • 211
  • 1
  • 2
  • 4
  • What's your threat model? – StackzOfZtuff Nov 05 '15 at 22:04
  • I haven't done threat models before, but in this case I guess it would be something among the lines that I want to store them somewhere securely, and protect it by limiting access. The attacker would actually have to physically get to a team member's device which the pem files are on (or synced on). I'm just thinking are there concerns with a hosting company or govt agencies getting access to the pem files if they are stored in the cloud? – juuga Nov 06 '15 at 08:26
  • 1
    KMS+SOPS+Git should work for any scenario: https://security.stackexchange.com/questions/212311/how-can-i-safely-store-application-secrets-passwords-in-git-and-other-version-co/212312#212312 – neokyle Jun 23 '19 at 20:37
  • 1
    @neokyle That link sounded interesting but it's a 404 – drkvogel Oct 29 '19 at 12:00
  • 1
    @drkvogel The post was closed because I made a reference to a blog post I wrote that went into significantly more detail. I was only trying to share info on a topic where info is scarce, but admins said they closed it due self promotion -.- (If you're interested in the info google "Mozilla SOPS with KMS and Git is Massively Underrated") – neokyle Oct 29 '19 at 15:18
  • 1
    @neokyle Thanks, I found it and that is indeed a very thorough look at SOPS and does not sound like self-promotion at all - I don't know why your post was removed – drkvogel Nov 01 '19 at 10:17

2 Answers2

6

The right and only answer is do not share secret keys!

Things like private keys in PEMs are often not changed regularly and you have no way of auditing who is using the key. The keys can also be easily copied by an employee leaving the company or be leaked/hacked.

The best solution is to have keys issued to individual employees and ensure passwords are used to pretect them. You should also have some software/scripts on the servers to properly maintain the trusted public keys.

billc.cn
  • 3,852
  • 1
  • 16
  • 24
  • Hmm, the problem here, I guess, is that if they are only issued to individuals, it becomes difficult to maintain them if something happens to that individual's workstation where the file is stored or they forget their encoding key. The question has to do with maintaining a backup. – juuga Nov 10 '15 at 13:19
  • If a key is lost or the password is forgotten, it should be removed from the server and new keys can be issued to the user. Having automated scripts definitely helps this situation, but manual change is not that difficult. In addition, files on work stations should be regularly backed up. – billc.cn Nov 10 '15 at 13:39
  • What would be a good, secure, strategy and location for backing up the files regularly? – juuga Nov 10 '15 at 15:55
1

One option would be to use a file storage option in your password manager. For example, Lastpass has an option called "Secure Notes", which can have file attachments. These files are encrypted and then stored, and can only be decrypted by someone with the appropriate credentials. They can also be shared with other people in your team so everyone has access.

Scott C Wilson
  • 543
  • 3
  • 11
  • Bitwarden's a better alternative to Lastpass, more secure from what I've read, and better secure password sharing. I highly recommend it for sharing netflix, hulu, NordVPN accounts with family. But password manager solutions weren't designed to solve the needs of applications secrets management, Ex: no CI/CD integration. – neokyle Jun 23 '19 at 20:44