[57north-discuss] Password store

Robert McWilliam rmcw at allmail.net
Wed Jun 17 15:54:58 BST 2015

Previous message: [57north-discuss] Tech Meetup Thursday 17th
Next message: [57north-discuss] Space is open
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

We have been talking for a while about setting up something to store
passwords for things somewhere that would be accessible to more than
just the person looking after that thing. 

I have a plan that I think works without too much hassle: I've set up
a github repository to store a text file of passwords encrypted with
each of the directors PGP keys, and a couple of scripts to
encrypt/decrypt that [0]. 

I was initially thinking to have the file stored on one of the space
servers, but I think we want it under version control to catch
collisions in people editing it. We could setup git ourselves but I
think there is some value in this being hosted somewhere harder for us
to accidentally break and there shouldn't be any risk from the
repository being publicly readable. 

Could folks have a look at this and check I've not made some stupid
mistake and am actually leaking the plain text or using encryption
that is trivially cracked (trivial here means using less than a few
thousand pounds of computing time - if anyone is willing to put that
kind of resources into accessing this they could offer me a couple of
thousand pounds and there's a decent chance I'll give them the plain
text). 

I think it is possible to force a push to the repository that rewrites
the history to actually delete everything, but it's convoluted so not
something that's likely to be done by accident. The permissions to
delete the repository on github are also given to the same group, but
deleting the repository wouldn't be as bad as that wouldn't propagate
to local copies on pull. Do we trust everyone with commit access to
the hackerdeen github group not to maliciously delete this?

    Robert

[0] https://github.com/hackerdeen/passwords
________________________________________________________
Robert McWilliam     rmcw at allmail.net    www.ormiret.com

He who laughs last thinks slowest.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.57north.co/pipermail/57north-discuss/attachments/20150617/772e7fb3/attachment.sig>

Previous message: [57north-discuss] Tech Meetup Thursday 17th
Next message: [57north-discuss] Space is open
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the 57north-discuss mailing list