Sharing credentials


#1

Hello,

Currently we need to change some informations sometimes somewhere sometimes somewhere else and it’s difficult to know where the credentials are to access on it. Example for external services where we need only one account.

Do we have already a tool or a service which manage our credentials like last pass or common key. They will allow us to share more easily credentials and help to manage some renew or changes.

Any ideas ?


#2

we can use a crypted message send by mail with gpg keys. Or like for atoum sharing a keepass file.


#3

Hello,

Thank you to bring this particular problem onto the table. I don’t know what secure solutions exist. Any ideas?


#4

@Grummfy Yep it can be a solution now where you stored this file ? Do you have any idea about it ?

@Hywan Currently, I use lastpass and commonkey to share credentials between several people. Regarding this 2 tools we can have a plugin to add on our browser to have directly access to credentials.

We can study this 2 solutions to looks about prod & cons and see if we want to take this kind of service. If you have another proposition about another tools to look at it feel free to add. The goal is to share credentials in a secure way.


#5

keepass => shared on a private gitlab, a dropbox, hubic, box, … account

lastpass I use it at work but midelly convince by it


#6

I use 1password because the database is stored on my computer, not on a third online service. It is not shared however.

What we can do is to use 1password on a server, with SSH access. We will share the master password together and maybe change it (if possible) monthly.

I have made some researches and I don’t see any decentralized password manager. cc @pierozi @CircleCode @jubianchi @iraphael.


#7

I lastly (2 years ago in fact) wondered the same, and found that pass can do the job (http://passwordstore.org/) when used with multiple gpg keys.

Here is a thread where i am asking questions about it: https://lists.zx2c4.com/pipermail/password-store/2015-June/001601.html

But I never took the time to test the multi gpg keys setup.


#8

see the last version of gpg


#9

So stephpy from verylastroom as develop an app for it i guess its the goal of the app i don"t know if its works :smiley: https://github.com/rezzza/vaultage


#10

To continue in favor of pass, multi recipients automation can be managed with the help of https://github.com/keymon/password-store-for-teams, which is just some helpers above pass (I think we should take the idea, bu write it in a better way ;-)).

In case you want something more user friendly, gopass does some efforts (but since they assume they can differ from pass, this can become a no-return choice - see https://github.com/justwatchcom/gopass/blob/master/docs/features.md#roadmap) :


#11

I have just seen this tool https://keybase.io/blog/encrypted-git-for-everyone?utm_source=ponyfoo+weekly&utm_medium=email&utm_campaign=84