Sharing Sysadmin Secrets Safely

OK, this is a bit of a rip-off of Shamir’s Secret Sharing Scheme acronym, but it’s for a good cause.

One recurring and annoying thing to take into account when maintaining software infrastructure is how to store secrets safely so they can remain accessible when needed, while kept safe from attackers. There are several ways to do it, and one of my favorites is using pass.

I was thinking of using tomb as well to store a git repository of the password store, as it provides a paranoid vault that can be shared among people (including using the ssss approach). But this solution always sounded a bit too involved for people who might not be at ease with strong security requirements.

Enter git-crypt, which takes the opposite approach: instead of storing a Git repository within an encrypted vault, it stores encrypted files in a Git repository, which is a bit like what pass already does.

So far I did not find a suitable approach to share a password store that is functional and does not give away too much information. E.g., when storing secrets, having the context in the file names makes it easier to find what you’re looking for, but reveals precious information to attackers, such as host names or services you use. Using a cryptic hierarchy makes it difficult for everyone, including sysadmins.

Therefore I’d like to discuss and experiment with ways to store secrets where they belong, in a top-level sysadmin repository that we could easily share, add people to, and maintain collectively. This topic is here to hold this discussion and eventually document our approach(es).

How do you handle shared secrets?

Another option: like pass, Keyringer stores GPG-encrypted files in a git repo; it’s written in Bash and available in Debian.

1 Like

Do you know of a good comparison between pass and keyringer? What’s your experience?

I’ve not yet used pass but I was intending to give it a try at some point.

At fairkom we have Vault running in k8s; it offers simple key-value pairs which you can easily integrate into, e.g., Ansible scripts.