Hacker News new | ask | show | jobs
by _ikke_ 472 days ago
Systems that use shamirs secret sharing, like openbao, require multiple operators to unlock the secret engine.

Gitlab premium can also require multiple approvals before a merge request can be merged.
1 comments
hinkley 471 days ago
Yeah I’ve used HSMs that have those. But I’m talking about things like running deployments, changing production configurations, or rebooting servers.

Approvals don’t work, and I’ve already said as much. If approvals worked so well we wouldn’t have dual key systems at all.

link