#229: Shared, secure password distribution
---------------------------------+-------------------------
Reporter: jflory7 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Fedora 24
Component: Internal operations | Severity: not urgent
Keywords: meeting | Blocked By:
Blocking: |
---------------------------------+-------------------------
= Problem =
In [https://lists.fedoraproject.org/archives/list/marketing@lists.fedoraproje... previous discussions],
we had talked about secure password management and
distribution to safely and securely distribute confidential information
such as passwords for social media accounts or other Fedora-related,
shared accounts.
We need a system that can handle having multiple "caretakers" that manage
all the passwords, user accounts that can individually access certain
accounts / passwords, and some kind of convenient way to regenerate
passwords if a user is removed or has their privileges changed.
= Analysis =
When we discussed this originally, we decided to approach the
Infrastructure team to get their feedback / ideas on
how to manage this. We also wanted to answer questions such as…
* How many people will need access to the passwords?
* How much data would be stored (e.g. how many passwords, for what
services, is it small-scale or large-scale, etc.)?
* How often will access to a password be granted?
* How often will access to a password be revoked?
= Enhancement Recommendation =
=== pass ===
The Infrastructure team originally proposed for us to consider using
[https://www.passwordstore.org/ pass], a Unix command line password
management utility. Pass uses GPG keys to encrypt passwords and can
synchronize them via git.
'''Advantages'''
* Lightweight, easy to maintain (theoretically)
* Uses tried and trusted tech to secure passwords (GPG)
* Little overhead to maintain a secure repository within Fedora's
Infrastructure
'''Disadvantages'''
* No per-user customization (anyone whose GPG key id is added to the
repository has access to all passwords)
* Requires anyone with access to understand GPG and to use it reliably as
expected
* A compromised key could cause issues if someone who needs access is not
extremely familiar with using GPG.
* Changing passwords in the event of a dropped GPG key means changing ALL
passwords in the entire repository for everyone (no modularity in terms of
a user who should have access to a subset / specific password)
=== Rattic ===
I've never used Rattic, nor do I know much about it, but it seems like a
more complete solution than pass. I'm going to CC Brian Proffitt to this
ticket in case he can add more context to this discussion.
Eventually, after discussing in a meeting, we'd like to take a vote on
this and bring a formal proposal to the Infrastructure team.
--
Ticket URL: <https://fedorahosted.org/marketing-team/ticket/229>
Marketing Team <https://fedoraproject.org/wiki/Marketing>
The Trac site for the Fedora Project Marketing team. This Trac serves as a place to list
out tasks, define objectives, and work on monitoring our progress with key tasks and
goals.
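
Added example, not part of the ticket and not code from pass: a Python sketch of the revocation audit implied by the pass disadvantages above, listing which entries a removed key could decrypt and whose passwords therefore need changing. It goes beyond the single shared key list the ticket describes by also handling per-folder `.gpg-id` files, which pass reads from the nearest folder at or above an entry. The key ids, entry names and the `build_sample_store` helper are constructed for illustration.

```python
import tempfile
from pathlib import Path


def recipients_for(store: Path, entry: Path) -> set[str]:
    """Key ids listed in the nearest .gpg-id at or above the entry's folder."""
    folder = entry.parent
    while True:
        id_file = folder / ".gpg-id"
        if id_file.is_file():
            return {ln.strip() for ln in id_file.read_text().splitlines() if ln.strip()}
        if folder == store:
            raise ValueError(f"no .gpg-id found for {entry}")
        folder = folder.parent


def entries_to_rotate(store: Path, removed_key: str) -> list[str]:
    """Entries the removed key could decrypt; their passwords must be changed.

    Re-encrypting is not enough: old ciphertext stays in the git history.
    This trusts .gpg-id and does not inspect the ciphertext itself.
    """
    hits = []
    for entry in store.rglob("*.gpg"):
        if ".git" in entry.relative_to(store).parts:
            continue
        if removed_key in recipients_for(store, entry):
            hits.append(entry.relative_to(store).with_suffix("").as_posix())
    return sorted(hits)


def build_sample_store(root: Path, per_folder: bool) -> Path:
    """Constructed store layout; key ids and entry names are made up."""
    store = root / ("split" if per_folder else "flat")
    for name in ("social/account-a", "social/account-b", "infra/list-admin"):
        path = store / f"{name}.gpg"
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"placeholder, not real ciphertext")
    (store / ".gpg-id").write_text("ALICE_KEY\nBOB_KEY\n")
    if per_folder:
        (store / "social" / ".gpg-id").write_text("ALICE_KEY\nCAROL_KEY\n")
    return store


if __name__ == "__main__":
    tmp = Path(tempfile.mkdtemp())
    for per_folder in (False, True):
        store = build_sample_store(tmp, per_folder)
        print(store.name, "-> rotate after removing BOB_KEY:",
              entries_to_rotate(store, "BOB_KEY"))
```

With one root key list, removing any key returns every entry; with a separate list on the `social` folder, removing `BOB_KEY` returns only `infra/list-admin`.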