Hacker News
by dljsjr 998 days ago
If you're not using an MFA mechanism attached to your SSO (Google Authenticator or Okta or something) then that's a completely separate issue. There shouldn't be that much risk in letting all of your SREs have access to the root credentials; you can lock down who can see what in your vault based on roles for any PW manager worth anything.

You could also rotate the root password every time there's a departure from the teams that have visibility if it's that big of a deal.