We're having a bit of trouble managing passwords while keeping them secure and reasonably convenient across our development team.<p>We have tried a number of solutions, from written notes in sealed envelopes with a logbook to access (our oldest 'system'), to an SQL database with a custom application, to a LastPass account with a shared master password.<p>The passwords that we are trying to manage range from credentials for remote desktop and custom applications to SQL auth. We're looking for a system that has to be secure, available to junior devs and editable by senior devs. Also, there is frequent movement on our teams, as well as several vendors, which complicates things.<p>What can you guys suggest? Also, what do you guys use?
I highly recommend PasswordState[0].<p>We run it on an internal-only server, only accessible via 2FA.<p>Edit: The one time I found a software bug, the developer sent me a fix within an hour.<p>[0] <a href="http://www.clickstudios.com.au" rel="nofollow">http://www.clickstudios.com.au</a>
Everyone should have an SSH key that can be added to certain groups. Or a login to a VPN, or otherwise. Have some devops people responsible for managing access, i.e. adding people to appropriate groups when needed, and removing them when they leave (or are let go).<p>Rely as little as possible on 'passwords'. Instead, use Google Apps and Google OAuth logins, which have an 'admin' interface where you can turn them off if need be...