by celim307 3133 days ago
Dumb question: What's the best practice to share authentication credentials across the team for services that don't have an IAM feature?
9 comments

I've never used it in production (my last shop was heavily AWS-based and relied on IAM), but I always like the look of Hashicorp's Vault [0].

https://www.vaultproject.io/

When it comes to security, there are no dumb questions.
There are a few SaaS offerings that will let you do that. LastPass or 1Password are two commonly used ones.

Or you can use something like KeePass to store a database in a shared location if you don't trust the SaaS offerings.

If you are looking at storing credentials for automation purposes, and don't have a secret store built in, you could look at something like Hashicorp Vault to help provide this for you.

LastPass has a terrible track record in security, which was nicely edited out of Wikipedia by a fresh user: https://en.wikipedia.org/w/index.php?title=LastPass&action=h...

The user in question has some specific interest in editing LogMeIn, parent of LastPass, pages: https://en.wikipedia.org/w/index.php?limit=50&title=Special%...

I think that something like Stack's Blackbox is the best idea. This ansible-based setup also explains the concepts pretty well: http://ansiblecookbook.com/html/en.html#how-do-i-store-priva...
In person, I use a thumb drive. You could encrypt the credentials using PGP and send them to a coworker if they are remote.

Sometimes I just go on google hangouts and share my screen if I'm feeling lazy.

We're using a KeePass / MacPass password-protected vault shared with the team using Dropbox. It's really good and essentially free to use if you use a free Dropbox account.
Then make sure you use 2FA on the Dropbox account. And you should use a key + password to unlock KeePass.
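To make the "key + password" point above concrete, here is an added example (not code from the thread or from the KeePass project) that reproduces how a KDBX database builds its composite key from the two sources: each source is hashed separately, the results are concatenated in a fixed order, and the concatenation is hashed again. Anyone holding the synced .kdbx file plus only the password, or only the key file, derives a completely different key. The example assumes the non-XML key-file formats (32 raw bytes, 64 hex characters, or anything else hashed with SHA-256) and stops at the composite key; the Argon2/AES-KDF step that stretches it into the master key is omitted.

```python
"""KeePass (KDBX) composite-key derivation, shown to illustrate why a
key file plus a password is a genuine two-factor unlock for a vault
that is synced through a third party such as Dropbox.

Added example; the XML key-file format and the subsequent KDF that
turns the composite key into the database master key are left out.
"""
import hashlib
import secrets
from typing import Optional


def key_from_password(password: str) -> bytes:
    # KeePass uses SHA-256 of the UTF-8 encoded password as that source's key.
    return hashlib.sha256(password.encode("utf-8")).digest()


def key_from_keyfile(data: bytes) -> bytes:
    # Non-XML key-file handling:
    #   exactly 32 bytes   -> used verbatim
    #   64 hex characters  -> hex-decoded to 32 bytes
    #   anything else      -> SHA-256 of the whole file contents
    if len(data) == 32:
        return data
    if len(data) == 64:
        try:
            return bytes.fromhex(data.decode("ascii"))
        except (UnicodeDecodeError, ValueError):
            pass  # not valid hex, fall through to hashing
    return hashlib.sha256(data).digest()


def composite_key(password: Optional[str], keyfile: Optional[bytes]) -> bytes:
    """Hash each present source, concatenate in KeePass order
    (password first, then key file), and hash the concatenation."""
    if password is None and keyfile is None:
        raise ValueError("at least one key source is required")
    parts = b""
    if password is not None:
        parts += key_from_password(password)
    if keyfile is not None:
        parts += key_from_keyfile(keyfile)
    return hashlib.sha256(parts).digest()


def generate_keyfile() -> bytes:
    # A fresh random 32-byte key file, the simplest format KeePass accepts.
    # Keep it off the shared Dropbox folder; it is the second factor.
    return secrets.token_bytes(32)


def unlock_attempts(password: str, keyfile: bytes) -> dict:
    """Constructed comparison: the three ways an attacker with only
    part of the material would try to derive the key, against the
    correct one. All three partial keys differ from the full key."""
    full = composite_key(password, keyfile)
    return {
        "full": full,
        "password_only": composite_key(password, None),
        "keyfile_only": composite_key(None, keyfile),
        "wrong_password": composite_key(password + "x", keyfile),
    }


if __name__ == "__main__":
    kf = generate_keyfile()
    result = unlock_attempts("correct horse battery staple", kf)
    for name, key in result.items():
        print(f"{name:15s} {key.hex()}")
```

The important property is in `unlock_attempts`: a leaked Dropbox folder gives an attacker the .kdbx file, and a leaked Dropbox password gives nothing extra, because the key file never lives in the synced folder. Generate the key file once per team member workstation with `generate_keyfile()` and distribute it out of band.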
KeePass, and a Keybase team repo to sync.
We launched EnvKey [1] a couple of months ago to offer an easy-to-integrate solution to this issue.

1 - https://www.envkey.com

We use 1Password for Teams.