[H-SASIG] Passwords and secrets

Russell Stuart russell-humbug at stuart.id.au
Sun Dec 20 23:31:17 EST 2009


This problem we have with passwords and other secrets is driving me
nuts.

What problem is that, you ask?  The one where none of us know our DNS
registrar's details, for instance.  (Well I do now, but that is beside
the point.)  How many people here know the root password?  Or the
mailman admin password?

This is a problem.  I am putting up a rather simple solution that I will
implement if there are no objections.

We create a file called
"/usr/local/doc/humbug-secrets/humbug-secrets.txt", and encrypt it using
all the gpg keys under the directory
"/usr/local/doc/humbug-secrets/gpg-keys".  I (or someone) also provide
a script called "/usr/local/doc/humbug-secrets/humbug-secrets" that
opens it, allows you to edit/view it, then re-encrypts it if changed.  I
guess the entire bundle under /usr/local/doc/humbug-secrets could even
be made available via the wiki.

If we lose excalibur, the file will be available from the backup, by
definition.  All info needed to get to the backup will be kept in the
Exec cash box.  That should not be necessary, as you all have a copy -
right?

Anyone have a problem with this?
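
One way the open, edit and re-encrypt script proposed in the message above could look, as an added example that is not part of the original post and not the list's own script. The function names, the environment overrides, and the use of GnuPG's `--recipient-file` (GnuPG 2.1.14 or later, one public key per file in gpg-keys) are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the post. Paths are the ones the post names.
# Assumes GnuPG >= 2.1.14 (--recipient-file) and one public key per file in gpg-keys.
SECRETS_DIR="${SECRETS_DIR:-/usr/local/doc/humbug-secrets}"
SECRETS_FILE="${SECRETS_FILE:-$SECRETS_DIR/humbug-secrets.txt}"
KEYS_DIR="${KEYS_DIR:-$SECRETS_DIR/gpg-keys}"

# Encrypt plaintext file $1 to every key file in KEYS_DIR and replace $2.
encrypt_to_all() {
    src=$1; dst=$2
    set --
    for key in "$KEYS_DIR"/*; do
        if [ -f "$key" ]; then set -- "$@" --recipient-file "$key"; fi
    done
    if [ $# -eq 0 ]; then
        echo "no public keys in $KEYS_DIR; refusing to encrypt" >&2
        return 1
    fi
    # Write beside the target, then rename, so a failed run never truncates it.
    if gpg --batch --armor "$@" --encrypt < "$src" > "$dst.new"; then
        mv "$dst.new" "$dst"
    else
        rm -f "$dst.new"
        return 1
    fi
}

# Decrypt, open in $EDITOR, and re-encrypt only if the content changed.
edit_secrets() {
    tmp=$(mktemp -d) || return 1      # mktemp -d creates the directory mode 0700
    rc=0
    if [ -f "$SECRETS_FILE" ]; then
        gpg --quiet --decrypt "$SECRETS_FILE" > "$tmp/plain" || rc=1
    else
        : > "$tmp/plain"              # first run: start from an empty file
    fi
    if [ "$rc" -eq 0 ]; then
        cp "$tmp/plain" "$tmp/orig"
        ${EDITOR:-vi} "$tmp/plain" || rc=1
    fi
    if [ "$rc" -eq 0 ] && ! cmp -s "$tmp/plain" "$tmp/orig"; then
        encrypt_to_all "$tmp/plain" "$SECRETS_FILE" || rc=1
    fi
    rm -rf "$tmp"                     # plaintext lived only inside the 0700 directory
    return "$rc"
}

# Run the editor only when invoked under the script name from the post.
case "${0##*/}" in humbug-secrets) edit_secrets ;; esac
```

Anyone who can write to the gpg-keys directory becomes a recipient on the next re-encryption, so that directory needs the same write protection as the secrets file. Removing a key file only affects future versions; a removed member can still read any earlier copy or backup, so the secrets themselves have to be changed.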