-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
63 lines (47 loc) · 2.29 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
Secure password distribution (pwdistro) using GPG,
by Jeff Bachtel (Berico Technologies)
Introduction
This is a series of scripts that handle securely distributing
passwords to multiple authorized recipients using GnuPG
and a repository software such as git.
It does this by maintaining a directory of exported public
keys, with which it encrypts password information. All passwords
are given a uuid and are stored via that, no other information
about the passwords is available in cleartext on the filesystem.
To fetch passwords, all encrypted password files in a user's
directory (passwords/$USER/) are decrypted and matches to the
search string are displayed.
Commands
newkey.sh - Generate a new private/public key pair in gpg,
specifically for this application. The private key is stored in
the user's normal gpg keyring, and the public key is exported
into pubkeys/$USER
addpw.sh - Add a password to the database. It runs uuidgen to
generate a new UUID for the password, then creates encrypted
files passwords/*/$uuid.asc , each file encrypted with the public
key of a user
getpw.sh - Get password(s) from the database. It decrypts all
files in passwords/$USER/* and greps Site/Username/Comment fields
for a value passed as $1. If no filter value is passed, it returns
all passwords in the user's database
TODO
grantpw.sh - Grant access to a password to other user(s). For
instance, if a new employee joins and needs access to all existing
passwords
revoke.sh - Revoke access to an employee. This can be accomplished
now by removing their public key from pubkeys/$USER and removing
the passwords/$USER/ directory
updatepw.sh - Allow a user to update a password and distribute that
update
addpw.sh - Give an option to restrict the users to whom a password
is distributed
SECURITY CONCERNS
A user with access to the git repository can add themselves to
the database of public keys, or change another user's public key
so that future updates can be intercepted. This could be mitigated
via a keyserver, local storage of public keys (and prompting on change),
or git repository write restrictions server-side
A user can overwrite passwords for other users. This can be mitigated
by using VCS tools to retrieve particular file versions, or limiting
users to the creation of new files in passwords/* (via server-side
restrictions)