Hi! You might be interested in looking into something like hashicorp vault for shared secrets. The use case you are mentioning is a common yet Hard to deal with one that is solved by Vault for instance. I only know this tool but others might exist.
Le ven. 22 févr. 2019 à 00:05, Tobias Girstmair <[email protected]> a écrit : > On Fri, Feb 22, 2019 at 11:55:22AM +1300, Steve Gilberd wrote: > >Lars - nothing prevents the user from using the Yubikey to create a > >decrypted copy, > > hardware tokens generally don't allow you to extract the private key > again. > > >or re-encrypting to an additional key controlled by the > >user. > > agree. (or just keeping the plaintext around) > > >While a hardware token is a good idea, confiscating it doesn't > >provide a secure solution to denying an untrustworthy user access to the > >password store. The only safe option is to change the passwords. > > indeed. the OP might be interested in > https://github.com/ddevault/pass-rotate , a tool to help change > passwords on multiple online services automatically. > _______________________________________________ > Password-Store mailing list > [email protected] > https://lists.zx2c4.com/mailman/listinfo/password-store >
_______________________________________________ Password-Store mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/password-store
