We're a small team in a university setting, 7 members, of which 3 are not really involved in our system/need quick access.
We now use pass (passwordstore.org) and Git on a in-house repository. This of course requires that all members that need access to secrets maintain a properly secured GPG Key. Strict hierarchy and access on a as-needed basis for every person. Integrates beautifully with Ansible, which we use for CM and Deployment.
Before that we used a mixture of Keepass and Ansible Vault, which had the restriction of one global password that everyone knew, so we needed to split this file up into two for two separate "security levels", which was really cumbersome. Syncing was really annoying. Transfering from Keepass to Ansible Vault was a pain, so we started keeping passwords only in vault. Accessing a secret? Open your personal Keepass to get the Password for the Group Keepass, Extract the Vault Password, Open the Vault, read the secret.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
We're a small team in a university setting, 7 members, of which 3 are not really involved in our system/need quick access.
We now use pass (passwordstore.org) and Git on a in-house repository. This of course requires that all members that need access to secrets maintain a properly secured GPG Key. Strict hierarchy and access on a as-needed basis for every person. Integrates beautifully with Ansible, which we use for CM and Deployment.
Before that we used a mixture of Keepass and Ansible Vault, which had the restriction of one global password that everyone knew, so we needed to split this file up into two for two separate "security levels", which was really cumbersome. Syncing was really annoying. Transfering from Keepass to Ansible Vault was a pain, so we started keeping passwords only in vault. Accessing a secret? Open your personal Keepass to get the Password for the Group Keepass, Extract the Vault Password, Open the Vault, read the secret.