[Marketing] Marketing-trac: #229: Shared, secure password distribution

#229: Shared, secure password distribution ---------------------------------+------------------------- Reporter: jflory7 | Owner: Type: enhancement | Status: new Priority: normal | Milestone: Fedora 24 Component: Internal operations | Severity: not urgent Keywords: meeting | Blocked By: Blocking: | ---------------------------------+------------------------- = Problem = In [https://lists.fedoraproject.org/archives/list/marketing@lists.fedoraproje... previous discussions], we had talked about secure password management and distribution to safely and securely distribute confidential information such as passwords for social media accounts or other Fedora-related, shared accounts. We need a system that can handle having multiple "caretakers" that manage all the passwords, user accounts that can individually access certain accounts / passwords, have some kind of convenient way to regenerate passwords if a user is removed or has their privileges changed. = Analysis = When we discussed this originally, we decided to approach the Infrastructure team to get their feedback / ideas on such an idea about how to manage this. We also wanted to answer questions such as… * How many people will need access to the passwords? * How much data would be stored (e.g. how many passwords, for what services, is it small-scale or large-scale, etc.)? * How often will access to a password be granted? * How often will access to a password be revoked? = Enhancement Recommendation = === pass === The Infrastructure team originally proposed for us to consider using [https://www.passwordstore.org/ pass], a Unix command line password management utility. Pass uses GPG keys to encrypt passwords and can synchronize them via git. '''Advantages''' * Lightweight, easy to maintain (theoretically) * Uses tried and trusted tech to secure passwords (GPG) * Little overhead to maintain a secure repository within Fedora's Infrastructure '''Disadvantages''' * No per-user customization (anyone whose GPG key id is added to the repository has access to all passwords) * Requires anyone with access to have understanding and reliability to use GPG as expected * A compromised key could cause issues if someone who needs access is not extremely familiar with using GPG. * Changing passwords in the event of a dropped GPG key means changing ALL passwords in the entire repository for everyone (no modularity in terms of a user who should have access to a subset / specific password) === Rattic === I've never used Rattic or do I know much about it, but it seems like a more complete solution than pass. I'm going to CC Brian Proffitt to this ticket in case he can add more context to this discussion. Eventually, after discussing in a meeting, we'd like to take a vote on this and bring a formal proposal to the Infrastructure team. -- Ticket URL: <https://fedorahosted.org/marketing-team/ticket/229> Marketing Team <https://fedoraproject.org/wiki/Marketing> The Trac site for the Fedora Project Marketing team. This Trac serves as a place to list out tasks, define objectives, and work on monitoring our progress with key tasks and goals.