How to manage credentials on multiserver environment

Posted by rush on Server Fault See other posts from Server Fault or by rush
Published on 2013-06-20T12:24:07Z Indexed on 2013/06/25 4:23 UTC
Read the original article Hit count: 507

Filed under:

deployment

|

password-management

I have a some software that uses its own encrypted file for password storage ( such as ftp, web and other passwords to login to external systems, there is no way to use certificates ).

On each server I've several instances of this software, each instance has its own password file.

At the moment number of servers is permanently growing and it's getting harder and harder to manage all passwords on all instances up to date.

Unfortunately, some servers are in cegregated network and there is no access from them to some centralized storage, but it works vice versa.

My first idea was to create a git repository, encrypt each password with gpg and store it there and deliver it within deployment system, but security team was not satisfied with this idea and as it is insecure to store passwords in repository even in encrypted view ( from their words ).

Nothing similar comes to my mind. Is there any way to implement safe and secure password storage with minimal effort to manage all passwords up-to-date?

ps. if that matters I've red hat everywhere.

© Server Fault or respective owner

Related posts about deployment

ClickOnce manifest problem

as seen on Stack Overflow - Search for 'Stack Overflow'
We are currently deploying a WPF 4 app via click once and there is a scenario when the installation fails. If the user does not have .Net 4.0 Full install and attempts to install our app the framework installs fine but the app fails to install. If we re-run the installation again the app installs… >>> More
Creating block devices for openstack deployment using MAAS and juju (nova-volume deployment)

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Hi, I'm currently trying to get a openstack deployment working by using MAAS with 9 nodes and juju. To do this I found this guide, working with ubuntu 12.04 LTS https://help.ubuntu.com/community/UbuntuCloudInfrastructure and followed it as good as I can. After a vigorous amount of trial and error… >>> More
Error launching application after ClickOnce deployment - "An application for this deployment is alre

as seen on Stack Overflow - Search for 'Stack Overflow'
As part of my continuous integration build the application is deployed as a ClickOnce application. This works great the first time, but when I try the launch the app after an update has been deployed I get the following error. An application for this deployment is already installed with a different … >>> More
JBoss 7.1.1 + Spring 3.1 + JPA 2 (Hibernate 3.6.8) > Cannot parse beans.xml

as seen on Stack Overflow - Search for 'Stack Overflow'
Trying to deploy a JSF 2 app with Spring 3.1 + JPA 2 (Hibernte 3.6.8) into JBoss 7.1.1 AS. The app was working fine on tomcat 7. Now, I have already added and changed some configurations. Added jboss-deployment-structure.xml <jboss-deployment-structure xmlns="urn:jboss:deployment-structure:1… >>> More
Disable Java Hardware Acceleration in windows?

as seen on Super User - Search for 'Super User'
I have some issues with my graphics card and I want to disable Hardware Acceleration for java apps. Everything that uses HA is displayed blurry. I've seen some tutorials on how to set this parameter -Dsun.java2d.d3d=false The problem is that the Java Control panel itself is using hardware acceleration… >>> More

Related posts about password-management

Company Password Management

as seen on Server Fault - Search for 'Server Fault'
The topic of personal password management has been covered in great detail time after time. This question is aimed at the business or organization that needs to keep track of many unique passwords for many clients. What are some strategies/tools or ideas you all have for accomplishing this task? I… >>> More
Company Password Management

as seen on Server Fault - Search for 'Server Fault'
The topic of personal password management has been covered in great detail time after time. This question is aimed at the business or organization that needs to keep track of many unique passwords for many clients. What are some strategies/tools or ideas you all have for accomplishing this task? I… >>> More
Unix Password Management Keyring

as seen on Super User - Search for 'Super User'
I am looking for a password manager for a command-line Unix environment. So far all I can find are keyring applications for Windows, Linux, and Mac. But no command-line Unix interfaces. My main goal is to be able to access a password keyring through an SSH connection to a machine that has no graphical… >>> More
Password Management for Oracle WebLogic customers

as seen on Oracle Blogs - Search for 'Oracle Blogs'
One of the most common requests for enhancements I get across my desk is that customers wish to allow end users to change their passwords from our products. Now, typically password management is not in the realm of individual applications but it is an infrastructure requirement, so we don't usually… >>> More
Local Password Management

as seen on Super User - Search for 'Super User'
In our office (and I am sure many others) we access various websites and tend to share one account with our team. For example, we share credentials to Ebay and change them every few weeks to maintain some sense of security. However, we know this does not allow for any type of accountability for… >>> More