# Centralized, encryption key / credential system



## anomie (Jun 1, 2010)

Honourable FreeBSD sysadmins and devs:

Any suggestions for a FOSS encryption key / authentication credential system? IOW, I need a safe place to stick me passwords -- where they can be accessed by others (which should eliminate any lewd replies). Data should be stored in encrypted form, using a known, vetted cipher (e.g. AES). 

This needs to be something we can manage locally, rather than a third-party service offering. I don't care if it's web-based or if it requires some form of thick client.


----------



## SirDice (Jun 1, 2010)

I'm guessing you're looking for a password manager? Authentication and/or credentials are somewhat different.

My favorite unfortunately isn't in the ports tree; I use it quite a lot at work. http://keepass.org

Looking through the ports tree I do see security/gpass and security/gorilla. Neither look like they're centralized though.

One idea is to store the keys/passwords in an LDAP database.


----------



## anomie (Jun 1, 2010)

Yes, I need a place to keep passwords, encryption keys, et al. 

This data will need to be encrypted, such that if someone were to walk off with the disk, they'd have a good bit of work ahead of them to get anything useful. (i.e. Clear text in a db or flat file won't do.) 

I will take a close look at KeePass (that's http://keepass.info/ ). I might see if I can run it on a central host and have everyone forward X11 sessions to use it. I'll take a look at the other two GUI clients you mentioned, too. 

-------

If there are any other inspirations on this topic, please do share.


----------



## graudeejs (Jun 1, 2010)

security/keepassx is my favorite


----------



## Carpetsmoker (Jun 1, 2010)

Funny, I actually wrote a password manager last weekend. Adding a web interface is on "the list" for this week/coming weekend.

I've used pwman for a very long time, which works more or less (but not without issues).


----------



## anomie (Jun 2, 2010)

killasmurf86 said:

> security/keepassx is my favorite



I'll take a look.

Carpetsmoker said:

> Funny, I actually wrote a password manager last weekend. Adding a web interface is on "the list" for this week/coming weekend.



Keep us posted if you put it in ports.  My WAG is there will be an uptick in interest for this sort of thing as shops get more serious about adhering to certain infosec policies.


----------



## SirDice (Jun 2, 2010)

I would be very interested in some centralized thingy. Encrypted database of course but also so multiple people (each with their own key/password) can access it. Some sort of user management would be great (which user can access which password/key).


----------



## tracphil (Nov 7, 2010)

I like this when I am in a Linux shop, but I have not tried it on FreeBSD

http://www.harry-b.de/dokuwiki/doku.php?id=harry:cpm


----------

