
Comments (15)

khionu commented on June 2, 2024

A default for now could be Keybase.io.

from governance-and-guidance.

nklayman commented on June 2, 2024

Bitwarden is an open source alternative to 1password that offers free hosting options.


rajivshah3 commented on June 2, 2024

Hashicorp Vault might be a good option, but requires you to set up your own server for it. It’s also open source.

1Password might be an easier option if you’re ok with a closed source, hosted option.


khionu commented on June 2, 2024

Vault is excessive and high maintenance. It was considered for Amethyst, but deemed too much of a risk because of the requirements to not get locked out of your own instance/data. Otherwise, yes, it would be a decent option.

Bitwarden would not be free for us, as our needs go above what they offer for free. Last I knew self-hosting did not remove those costs, though I just asked in their Gitter to double check.


Beanow commented on June 2, 2024

Currently I'm trying out a self-hosted passbolt under the https://teamopen.org/ name. So far it does the job and has comprehensive access control for groups and individuals 👍

I've also tried bitwarden and think passbolt is easier to host. Also worried bitwarden itself may suffer from bus-factor risks. (compare this with this)

> Hashicorp Vault might be a good option, but requires you to set up your own server for it. It’s also open source.

On the server point, I have the idea to use https://teamopen.org/ for shared infrastructure you commonly need in OSS development. Such as sharing secrets. So perhaps this is something we can collaborate on.

That said, Vault looks like a really cool system. But isn't something designed for shared infrastructure, because it uses an in-memory master key and is expected to be serviced by high-trust internal security experts (see architecture doc). Where passbolt uses GPG for E2E encryption. So I wouldn't feel comfortable running anything more than an (encrypted) storage replica 😅


mralve commented on June 2, 2024

1+ for Keybase.io.


khionu commented on June 2, 2024

I've gotten confirmation, Bitwarden still requires a license to use, unless we rip the license-checking code out, which the license on the codebase does let us do... but it's a rather immoral thing, as an OSS project ourselves.


khionu commented on June 2, 2024

So, Keybase.io or Passbolt, I guess are our two current options? The former is 100% free and hosted for us, with true E2E encryption.


nklayman commented on June 2, 2024

Hosting does cost money though, so the only completely free option is a non-self hosted solution. In addition, bitwarden premium costs like $10 a year versus $5 a month for a digitalocean droplet.


tensor-programming commented on June 2, 2024

We've already got a digital ocean droplet; we could potentially piggyback on top of that.


khionu commented on June 2, 2024

Then we have to maintain Passbolt, while we wouldn't need to maintain Keybase.io.


nothingismagick commented on June 2, 2024

I definitely don't think it's a good idea to mix production services with org infrastructure on the same underpowered VM. Would rather spin up a new droplet. But we also need a mail service. I think those two together would be OK.


nothingismagick commented on June 2, 2024

But in the sense of opsec, we shouldn't discuss the details here in this public issue I suppose.


tensor-programming commented on June 2, 2024

Mail and front-facing apps shouldn't be an issue on the same VM. Tons of apps and organizations work that way. Even something like Keybase wouldn't be a problem; it's not very heavy and it's not something that could be located with a proper DNS setup.

Out of curiosity, why are we not using GitHub secrets? You can store up to 100 on a repo and encrypt larger ones etc. Seems like an easier solution than self-hosting something else. Could use something like blackbox as well. Don't have to host anything and it just encrypts the files on our repo.

There are a bunch of other encryption solutions that work this way as well. Perhaps we don't want to focus on GitHub exclusively? But we should also be rolling out some kind of redundancy if that's the case via mirrors on GitLab and Bitbucket.

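The "encrypt larger secrets and commit the ciphertext" route mentioned in the comment above, as an added example that is not code from this issue thread or from any project it names. It assumes gpg 2.1 or newer, a writable GNUPGHOME, a hypothetical repository secret named LARGE_SECRET_PASSPHRASE holding the passphrase, and the documented 48 KiB cap on a single GitHub repository secret.

```shell
#!/bin/sh
# Added example (not from the issue thread): only the .gpg ciphertext is
# committed; the passphrase lives in the repository secret and the CI step
# decrypts at job time. Save as e.g. secrets.sh (hypothetical file name).
set -eu

# A single GitHub repository secret is limited to 48 KiB; anything larger
# has to be stored as an encrypted file instead.
GITHUB_SECRET_MAX_BYTES=49152

# needs_encryption FILE: succeed when FILE is too large to be a repo secret.
needs_encryption() {
  [ "$(wc -c < "$1" | tr -d ' ')" -gt "$GITHUB_SECRET_MAX_BYTES" ]
}

# encrypt_secret_file PLAINTEXT PASSPHRASE: writes PLAINTEXT.gpg using
# symmetric AES-256. The passphrase is fed over stdin (--passphrase-fd 0)
# rather than as an argument, so it is not visible in the process list.
encrypt_secret_file() {
  printf '%s' "$2" | gpg --batch --yes --quiet --pinentry-mode loopback \
    --passphrase-fd 0 --symmetric --cipher-algo AES256 \
    --output "$1.gpg" "$1"
}

# decrypt_secret_file CIPHERTEXT PASSPHRASE OUTPUT: what the CI step runs,
# with PASSPHRASE coming from the repository secret. A wrong passphrase makes
# gpg exit non-zero, so the job fails instead of using garbage.
decrypt_secret_file() {
  printf '%s' "$2" | gpg --batch --yes --quiet --pinentry-mode loopback \
    --passphrase-fd 0 --output "$3" --decrypt "$1"
}

# Workflow step (hypothetical secret name), run from the checked-out repo:
#   env:
#     LARGE_SECRET_PASSPHRASE: ${{ secrets.LARGE_SECRET_PASSPHRASE }}
#   run: ./secrets.sh decrypt config/secrets.json.gpg "$LARGE_SECRET_PASSPHRASE" /tmp/secrets.json
case "${1:-}" in
  encrypt) encrypt_secret_file "$2" "$3" ;;
  decrypt) decrypt_secret_file "$2" "$3" "$4" ;;
esac
```

Decrypt into a location outside the workspace (as in the comment's /tmp path) so the plaintext is never picked up by a later commit or artifact upload.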

Beanow commented on June 2, 2024

Meanwhile 😆

While busfactor is something to constantly improve on, as far as sharing secrets goes we do have a sponsored Padloc in use for a little while now, which is the preferred solution when sharing is necessary. The preferred solution would be to use services that support multiple admins so each admin can maintain independent credentials.

Always happy to restart busfactor discussions, but I think Padloc serves the needs discussed here.

