Store system passwords with easy and secure access

security unix password

I'm having to handle several VPS/services and I always set passwords to be different and random.

What kind of storage do you suggest to keep these passwords safe and let me access them easily?

These passwords are used for services like databases, webserver user and so on that run customers' services, so it's really important to keep them in a safe place and strong. I'm actually storing them in a google drive spreadsheet file, describing user, password, role, service.

Do you know of better solutions? I'd like to keep them on a remote service to make sure I don't have to make backup copies (in case my hdd would fail somehow).

I do work on *nix platforms (so windows specific solutions are not a choice here).


Solution 1:

You can use keepass for this it has Linux and Windows application also Android one.

You can have your passwords in keepass encrypted with password and key file, have the key file on all your devices and the encrypted database (without the keyfile) on DropBox.

This way you can acces it from anywhere, because the encrypted database are stored in the cloud but without the keyfile. I think it is safe enough.

Solution 2:

You should definitely note store them in the clear on the cloud. That's just asking for trouble!

What you can do is encrypt them yourself and then keep a copy of the encrypted file in the cloud. That way, assuming you have not used a bad password for the encryption, your passwords are securely stored off-site.

You could do this manually with a text file saved inside a TrueCrypt vault that you keep on DropBox or something. But that would not really be that easy.

Instead, you could use a password manager that will do this for you. There are password managers that will save your password in encrypted form, and then sync this encrypted file between your devices. An example of a password manager that can do this for you would be 1Password.

Ultimately, the key is pre-egress encryption - i.e. it needs to be encrypted before it leaves your computer, do not rely on cloud security to keep your critical data safe, encrypt it yourself first.

Related

How to secure memcached?
Fail to mount image files in windows server 2012
Ram recommendations vs SQL DB size
Server freeze - how to debug
HTTP/1.1 Status Codes 400 and 417, cannot choose which
Flash Backed Write Cache (FBWC) without capacitor pack
Install xdebug for php 5.3.17 on centos 6.3 (final)
TCP connection stuck in SYN_RECV state despite ACK received, Linux 2.6.18, embedded, ARM
Is this IPv4 and subnet combination public or private? [duplicate]
If a managed network switch were to overheat, would you consider it no longer reliable?
How to 'undeclare' a custom function in a loop
Auto restart server if virtual memory is too low