How to manage credentials on multiserver environment
- by rush
I have a some software that uses its own encrypted file for password storage ( such as ftp, web and other passwords to login to external systems, there is no way to use certificates ).
On each server I've several instances of this software, each instance has its own password file.
At the moment number of servers is permanently growing and it's getting harder and harder to manage all passwords on all instances up to date.
Unfortunately, some servers are in cegregated network and there is no access from them to some centralized storage, but it works vice versa.
My first idea was to create a git repository, encrypt each password with gpg and store it there and deliver it within deployment system, but security team was not satisfied with this idea and as it is insecure to store passwords in repository even in encrypted view ( from their words ).
Nothing similar comes to my mind. Is there any way to implement safe and secure password storage with minimal effort to manage all passwords up-to-date?
ps. if that matters I've red hat everywhere.