user gone and expiring access

GOYOT Martin martin at piwany.com
Fri Feb 22 00:15:03 CET 2019


Hi!

You might be interested in looking into something like HashiCorp Vault for
shared secrets. The use case you are mentioning is a common yet hard to
deal with one that is solved by Vault, for instance. I only know this tool,
but others might exist.

On Fri, Feb 22, 2019 at 00:05, Tobias Girstmair <t-passwd at girst.at>
wrote:

> On Fri, Feb 22, 2019 at 11:55:22AM +1300, Steve Gilberd wrote:
> >Lars - nothing prevents the user from using the Yubikey to create a
> >decrypted copy,
>
> hardware tokens generally don't allow you to extract the private key
> again.
>
> >or re-encrypting to an additional key controlled by the
> >user.
>
> agree. (or just keeping the plaintext around)
>
> >While a hardware token is a good idea, confiscating it doesn't
> >provide a secure solution to denying an untrustworthy user access to the
> >password store. The only safe option is to change the passwords.
>
> indeed. the OP might be interested in
> https://github.com/ddevault/pass-rotate , a tool to help change
> passwords on multiple online services automatically.
> _______________________________________________
> Password-Store mailing list
> Password-Store at lists.zx2c4.com
> https://lists.zx2c4.com/mailman/listinfo/password-store
>
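
Following the point made in this thread that the only safe option is to change the passwords, the sketch below (an added example, not code from the thread or from pass) lists the entries whose governing `.gpg-id` names a given recipient, which are the ones a departed user could decrypt and that need rotating. It assumes the `.gpg-id` files still list that user exactly as given in the argument (run it before re-initialising the store, or on an older git checkout); the recipients and the demo store are constructed.

```bash
#!/usr/bin/env bash
# Added example: which pass entries were encrypted to a given recipient?
# pass encrypts each entry to the recipients in the nearest .gpg-id file,
# searching from the entry's directory up to the store root.

# Print the .gpg-id file governing directory $1 inside store $2.
governing_gpg_id() {
    local dir=$1 store=$2
    while :; do
        if [ -f "$dir/.gpg-id" ]; then
            printf '%s\n' "$dir/.gpg-id"
            return 0
        fi
        # Stop at the store root (or filesystem root) without a match.
        if [ "$dir" = "$store" ] || [ "$dir" = / ] || [ "$dir" = . ]; then
            return 1
        fi
        dir=$(dirname "$dir")
    done
}

# entries_to_rotate STORE RECIPIENT: print entry names, one per line.
entries_to_rotate() {
    local store=${1%/} recipient=$2 file idfile
    find "$store" -type f -name '*.gpg' | sort | while IFS= read -r file; do
        idfile=$(governing_gpg_id "$(dirname "$file")" "$store") || continue
        # One recipient per line; match the whole line, case-insensitively.
        if grep -qixF -- "$recipient" "$idfile"; then
            file=${file#"$store"/}
            printf '%s\n' "${file%.gpg}"
        fi
    done
}

# Constructed demo store with hypothetical recipients; prints its path.
make_demo_store() {
    local s
    s=$(mktemp -d)
    mkdir -p "$s/team/infra" "$s/personal"
    printf '%s\n' alice@example.org bob@example.org > "$s/.gpg-id"
    printf '%s\n' alice@example.org > "$s/personal/.gpg-id"
    : > "$s/root.gpg"; : > "$s/team/infra/db.gpg"; : > "$s/personal/bank.gpg"
    printf '%s\n' "$s"
}

# Usage: script.sh ~/.password-store departed-user@example.org
if [ "$#" -eq 2 ]; then entries_to_rotate "$1" "$2"; fi
```

The output is a rotation worklist only: matching is by the literal string in `.gpg-id`, so a user listed there by fingerprint will not be found when searched for by e-mail address.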

