Opened 6 months ago

Last modified 7 days ago

#29677 assigned task

evaluate password management options

Reported by: anarcat Owned by: tpa
Priority: Low Milestone:
Component: Internal Services/Tor Sysadmin Team Version:
Severity: Major Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by anarcat)

During the org/meetings/2017Montreal/Notes/BusFactor session, one of the things that was discussed was the password management system that is (was?) stored in SVN. Specifically:

  • We need a better password management solution than the one we have in corporate SVN right now.
  • We should look over if the passwords in this database should be rotated.
  • Figure out if the passwords for PayPal have been rotated by Jon et al and ensure that it will be put in the password database. We should also look into the "PayPal dongle" or 2-step authentication?

I have some experience reviewing password managers, so I might be able to provide some advice here if someone expands on the requirements and problems with the current approach.

Change History (4)

comment:1 Changed 6 months ago by anarcat

I just found out there's a password manager database in git, in ssh://git@git-rw.torproject.org/admin/tor-passwords.git, which is built with weasel's pwstore. not sure how it relates with the discussion in Brussels.

comment:2 Changed 5 months ago by anarcat

there's also a KeePassXC instance somewhere used by jon, sue and sstevenson at least.

comment:3 Changed 5 months ago by anarcat

note that another form of password management is the hkdf() function implemented in puppet, for which I am considering using Trocla as a replacement. but that's not really a user-visible password manager, see #30009 for that discussion.

comment:4 Changed 7 days ago by anarcat

Description: modified (diff)