perl6-infra: service: Password handling

[rba]

Password handling

Category: run
Attributes/tags: backuped

As many of the dns hostings are only a "single user" solution, we need a place to put the infrastructure passwords.

Proposed solution

I would give https://www.gopass.pw/ a try. Seems to be similar like https://www.passwordstore.org/ with some tweaks for multiple persons.

Options

• A simple gpg encrypted txt file
• https://www.passbolt.com/ Yet needs a server to keep it running. More software, more possible security holes

Admins

• @rba
• @maettu
• who else?

[AlexDaniel]

A simple gpg encrypted txt file

That's exactly what pass does, and I believe gopass too. For example, you can edit these files with emacs or any other editor that can transparently decrypt/encrypt text files. Not quite sure how they make it work for multiple users though.

[rba]

I'm a long term 1Password user and I realised they offer free access to there team account for open source projects. https://github.com/1Password/1password-teams-open-source This would allow us to share passwords on a individual vault level. I will test it together with @maettu

I will have a look at the CLI https://support.1password.com/command-line-getting-started/ too, maybe this is helping us for automation. If not we can still put some secrets/tokens/passwords into gpg encrypted txt files or another command line tool.

For Linux users there are browser extensions for Chrome and Firefox: https://support.1password.com/explore/linux/

[AlexDaniel]

Seems like a good choice. That said:

For Linux users there are browser extensions for Chrome and Firefox

I have a feeling that the majority of devs are linux users. So there's a command line tool but no application for linux, is that right?

[Kaiepi]

Was worried for a minute *BSD wouldn't be supported, but looks like they are (along with Solaris!)

Edit: the command line tool, I mean

[rba]

I've started using 1Password for the perl6 infra stuff.

There are three vaults:

• perl6-everyone: In this vault everyone who joined the 1Password team-perl6 has automatically access. All passwords are seen by all team members.
• perl6-infra-general: Vault for all the infra passwords, shared with a small group of people, who does infrastructure work.
• perl6-infra-core: Vault with emergency access, passwords which are not used on a regular basis.

If you like to join the team-perl6, let me know in irc direct channel with "rba" and send me your email address. Everyone from the perl6 community is free to join.

[rba]

I've started using 1Password for the perl6 infra stuff.

There are three vaults:

• perl6-everyone: In this vault everyone who joined the 1Password team-perl6 has automatically access. All passwords are seen by all team members.
• perl6-infra-general: Vault for all the infra passwords, shared with a small group of people, who does infrastructure work.
• perl6-infra-core: Vault with emergency access, passwords which are not used on a regular basis.

If you like to join the team-perl6, let me know in irc direct channel with "rba" and send me your email address. Everyone from the perl6 community is free to join.

I've started using 1Password for the raku infra stuff.

There are three vaults:

• raku-everyone: In this vault everyone who joined the 1Password team-perl6 has automatically access. All passwords are seen by all team members.
• raku-infra-general: Vault for all the infra passwords, shared with a small group of people, who does infrastructure work.
• raku-infra-core: Vault with emergency access, passwords which are not used on a regular basis.

If you like to join the team-raku, let me know in irc direct channel with "rba" and send me your email address. Everyone from the raku community is free to join.