Darrin Deal

Keeping all those passwords secure... What do you do to save all your tool/server keys and passwords?

Recently, I found myself in need of storing passwords for multiple applications. They range from client passwords to internal tools. Managing these passwords has been a pain. I love LastPass but was wondering what is everyone else's solution?

Our current process is to pass secure data around using AWS KMS, but once it gets to me I then need to store that somewhere. It would be nice to have a tool that easily separated secure data by client or internal. Thoughts?

Top comments (14)

Zoppatorsk

hmm.. I use a text-file called passwords.txt ;) .. yeah, not that safe and secure but on the other hand those passwords are not critical.. critical ones are stored in my brain (yeah, wld not call that safe either cuz my memory ain't what it used to be, but at least secure.. haha).

Joe Mainwaring

1Password.

Not only are my teams using it for sharing credentials across our environments and services, but my SRE team decided last week to implement a pilot of 1Password's Secret Management solution!

Moving to 1Password shifts the encryption responsibility of our secrets away from my engineering team, which has never been a pleasant process, and it will enable us to de-duplicate secrets that would otherwise have to be kept in sync with our current implementation.

Cost-wise, it's also a super-cheap addition to regular 1Password; my expected increase in cost is $29/mo USD.

1Password also has a CLI, enabling my engineers to fetch values from shared vaults and add them to local files like .env.

Alin Pisica

For the last year, LastPass... Pretty happy with it, notes, addresses, cards, shared across devices. I just love how it's developed around the idea of "Trust no one" and it makes me feel pretty safe. And the master password I don't store it anywhere, it's mostly in my brain, I have just a paper with some questions and hints hidden in a drawer, in case of a memory failure...

Chip James

Same here. Would add that in addition to my brain, I store my master password in LastPass and share it with my significant other (no secrets, right). If both of us forget our master passwords, then we're screwed but that hasn't happened yet.

Henry Camacho

Bitwarden

Motabar Javaid

1Password could be a very good option. It's secure, easy to use and comes with a lot of useful features. Not to mention it offers one of the best encryption methods (256-bit AES) and 2Factor Auth.

Tyler Termini

+1 for Bitwarden. Not necessarily something I'd recommend to my mom, but definitely to someone tech-savvy. Open-source, dirt-cheap, and nice ability to save "secure notes" (as well as credit cards, IDs, normal username/password combos, and even 2FA TOTPs so you don't have to pull out your phone). Browser extension, desktop app, awesome password generator with all the options you need, keyboard shortcuts...it does it all. Way better than my experience with LastPass.

Also lets you create teams/orgs so you can keep your personal keys/passwords separate from your work.

Josh Pike

Solo dev here... actual site passwords (bitbucket, stripe, DO, etc.) are in 1Password. But server credentials (IPs, sudo, db, etc.) I've just been storing with SnippetsLab locally. I guess I could move them over to 1P, but as long as I'm solo, it works for me.

Abhishek Tripathi

Bitwarden is open source with a premium plan.

bitwarden.com

MakendranG

LastPass

parroz4

Bitwarden because it's free (LastPass before)