
Imagine we are working in a team of around 5 people. We all install new servers on a monthly basis and need to find a better way of storing and sharing the server credentials (offline location/web address, root login, db login, ...) somewhere the whole team can access them, read/write. This location does not have to be accessible through the internet, but it can be if someone can provide a safe way of doing that.

At the moment:

  • currently the one who set up the server has the credentials: remembers them (usually connected to very unsafe standard passwords) or writes them in an email, exchanges them via skype, puts them in a local word document, writes them on a sheet of paper
  • ssh-keys are already in use, but it just happened that the service was not available and we needed the root login, but it was hard to find and that should not happen again

What is a safe and best practice of storing and sharing credentials in a team?

Paper only? Samba share with documents? As emails only? Some kind of database? Third party software?

Preexo

  • Check out KeePass (http://keepass.info/help/base/multiuser.html) and 1Password (https://agilebits.com/onepassword) – Tate Hansen Oct 09 '14 at 05:46
  • For sure you should **never** send any password in an email or via skype. – PiTheNumber Oct 09 '14 at 07:36
  • You could all develop a shared algorithm for password generation that takes into account what it is used for, the client and the server ID; that way you don't have to remember anything other than the algorithm. Easiest way to go, though if someone quits they will know all the passwords ;) Oh, another common option was storing the passwords physically in a secure dual-control location. That was a good one too. – Desthro Oct 09 '14 at 16:19

4 Answers

Your issue is quite common and is generally referred to as Privileged Account/User/Identity Management, PAM/PUM/PIM/PxM for short.

KeePass for sure is a solution used quite often, but from a security, compliance and audit perspective it is not the best one. Since you are a team of five it's hard to tell if you have to comply with any policies. But if you have to, a commercial solution would be something to look into. It addresses not just password management and sharing passwords across a team, but also individual accountability, reporting and such.

So really it depends on your requirements which way to go. From my experience I can tell you that there are many different ways used in enterprise environments, starting from paper in a secure location, down to files on shares. Especially regarding files on shares, e-mails or other 'online' storage, always remember that there might be some administrator who is not intended to access those but is able to.

HTH.

pat

  • thanks for your input, as an overall answer and a good reference for others I marked this as the correct answer. We will go with an encrypted file (like proposed in jerger's answer) on a share in our team. – Preexo Oct 13 '14 at 03:25

We are using a gnupg-encrypted plaintext file, which is distributed and versioned by git. Every admin can decrypt either with

  1. a commonly known key (shared secret - maybe more risk in case of dismissal) or
  2. his own key (I think the risk of the secret leaking will be comparable)

Git will save you in case of wrongly configured encryption operations.

For usage on the desktop I can only suggest tools for Kubuntu:

  • kgpg is a nice tool in the tray bar with a small integrated editor for decrypting e.g. the credentials file
  • Kleopatra can en-/decrypt the clipboard

I can imagine that there are similar tools for Windows. You can visit https://www.gnupg.org/related_software/swlist.html for a first overview.

jerger
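As an added example (not jerger's own setup or scripts), the following shell walk-through shows option 2 above end to end: one credentials file encrypted with gnupg to every admin's own public key, committed to git with the plaintext kept out of the repository, and the step that matters when an admin leaves. The admin IDs (alice@example.invalid, bob@example.invalid), the file names and the credential lines are assumptions constructed for the demo; the keys are generated without a passphrase only so the script runs unattended.

```shell
#!/bin/sh
# Added example, not jerger's own tooling. One credentials file, encrypted with
# gnupg to each admin's OWN key (option 2) and versioned in git. Everything
# runs in a throwaway directory; the admin IDs, file names and credential lines
# are assumptions constructed for the demo.
set -eu

WORK="$(mktemp -d)"
REPO="$WORK/repo"
export GNUPGHOME="$WORK/gnupghome"
mkdir -m 700 "$GNUPGHOME"
cleanup() { gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"; }
trap cleanup EXIT

# Demo-only keys without a passphrase, so the script runs unattended.
make_admin_key() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --quick-gen-key "$1" default default never
}

# encrypt_file PLAIN CIPHER RECIPIENT... : one ciphertext that every listed
# admin can open with their own key, so no shared secret (option 1) is needed.
encrypt_file() {
  plain="$1"; cipher="$2"; shift 2
  recips=""
  for r in "$@"; do recips="$recips -r $r"; done
  # $recips is split on purpose; the IDs contain no whitespace.
  gpg --batch --yes --quiet --trust-model always --armor $recips \
      --encrypt --output "$cipher" "$plain"
}

# decrypt_file [CIPHER] : plaintext on stdout (reads stdin when no file given).
decrypt_file() {
  gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
      --decrypt "$@" 2>/dev/null
}

# recipient_count [CIPHER] : how many keys can open the file, one
# ":pubkey enc packet" line per recipient key.
recipient_count() {
  gpg --batch --list-packets "$@" 2>/dev/null | grep -c '^:pubkey enc packet:'
}

init_repo() {
  mkdir -p "$REPO"
  git -C "$REPO" init -q
  git -C "$REPO" config user.name admin
  git -C "$REPO" config user.email admin@example.invalid
  # The plaintext must never reach the repo (or a remote): ignore it.
  printf 'credentials.txt\n' > "$REPO/.gitignore"
}

commit_cipher() {
  git -C "$REPO" add .gitignore credentials.txt.gpg
  git -C "$REPO" commit -q -m "$1"
}

# Succeeds only if the plaintext never got tracked; a cheap pre-push check.
plaintext_not_tracked() {
  ! git -C "$REPO" ls-files --error-unmatch credentials.txt >/dev/null 2>&1
}

main() {
  make_admin_key alice@example.invalid
  make_admin_key bob@example.invalid
  init_repo
  # Constructed sample credentials, not real ones.
  printf 'db01.internal root %s\n' 'Tr0ub4dor&3' > "$REPO/credentials.txt"
  encrypt_file "$REPO/credentials.txt" "$REPO/credentials.txt.gpg" \
      alice@example.invalid bob@example.invalid
  commit_cipher "add db01 root credentials"

  # Bob leaves. Re-encrypting to Alice only protects FUTURE versions; the
  # first commit still holds ciphertext Bob can open, so the root password
  # itself is rotated and the new value encrypted for the remaining team.
  printf 'db01.internal root %s\n' 'newly-rotated-secret' > "$REPO/credentials.txt"
  encrypt_file "$REPO/credentials.txt" "$REPO/credentials.txt.gpg" \
      alice@example.invalid
  commit_cipher "rotate db01 root password after Bob left"

  echo "recipients now: $(recipient_count "$REPO/credentials.txt.gpg")"
  plaintext_not_tracked
  echo "plaintext is not tracked by git"
}
main
```

Run it with `sh`; it needs gpg 2.1 or later and git, creates everything under a temporary directory and removes it on exit. Two points the script makes explicit: the plaintext is kept out of the repository by `.gitignore` and checked with `git ls-files` before pushing, and removing a departed admin from the recipient list does nothing for commits already in history (the earlier commit still decrypts for both keys), which is why the credentials themselves are rotated in the second commit.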

KeePass works well for relatively static passwords, or for dynamic entries. See Password Vault - Enterprise for details.

I have also found a really useful option (alternative?) for default shared accounts such as the local administrator. Pushing copies of your passwords to an SMB share or using SCP (with auditing for access and encryption in use) works really well for a home brew solution.

Schedule daily / hourly / etc changes, audit access to the password files and login events and you have an accurate history of who logged in.

Is there more risk in changing administrator password locally vs from a centralized location?

Tim Brigham

LastPass or 1Password seem like good solutions as they're online, which will be easier to update than something offline like KeePass. Better with premium; then you set up a token with it, but I'm not sure if that would work with sharing. Offline password managers would have to be synchronized between the team as you each add to it and would probably eventually lead to the same problems.

In the meantime this is better than your current process; however this is not a long term solution. Eventually you’ll need an organization wide solution to house and protect that information. Something that you can control, that can serve your organization's needs. What that means depends on your available resources, which I’m betting are too limited to afford a fully fleshed out system. That leaves you with inexpensive, short term solutions. But I think we're all accustomed to that.

Paraplastic2