
Look into credential sharing via GSuite
Open, Needs Triage, Public

Description

Our organisation has various passwords/logins/credentials for low security systems (e.g. entry code to storage room, login information for application portals) which are used by more than one staff member.

We would like to make these accessible to one or more subsets of our staff. Since GSuite is what we use to assign access for other things it would make sense to use a system which is integrated with it.

Event Timeline

There are loads of these (e.g. TeamsID). It would be interesting to find one which is

  1. Free for non-profits
  2. Stores everything in Drive or similar, rather than having the data stored with a third party

We should probably set up some type of policy document related to this. That should make it clear that separate logins per person are preferable where that is supported, both for security and for accountability/traceability.

Would also be of interest to see what other organisations in our sphere are using.

Lokal_Profil added a comment. Edited Jan 22 2020, 8:37 AM

WMDE way:
Use something like KeePass (or other password manager) locally on computer, resulting file is encrypted, encrypted file is uploaded to Drive (shared with people who need access). Encryption key is shared via sneakernet.
Downsides

  • Granularity: Need multiple files if some credentials should only be shared with certain individuals
  • Updating: Any update needs to be manually pushed to Drive, then people need to be pinged about manually updating their copy

KeePassXC would be an alternative which is still actively maintained, with better Linux support

The files can probably live in the Chefer drive and then be shared with bespoke groups

A good initial test group would be the drift team (meaning @Lokal_Profil and @Sebastian_Berlin-WMSE)