Secrets – Password Manager


This is about to get blurry. I am using secrets here to talk about password management and vaulting of secrets.

Generally, if we want to store or vault secrets, we are in reality talking about a number of different items. These could be a password, a certificate, or a key. Some keys are a little special, and we might not even want to be able to retrieve them. Say a TOTP key: based on the time, we should be able to find the six-digit code. The Google Authenticator app is great for this. And just like that, we are now talking about Multi-Factor Authentication (MFA).
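To make the TOTP point concrete, here is an added sketch (not from any of the products mentioned on this page) of how a six-digit code is derived from a stored seed and the current time, following RFC 6238 with HMAC-SHA1. The `TotpVault` class and its method names are hypothetical; the idea is that the seed goes in once and only codes or yes/no answers ever come out.

```python
import hashlib
import hmac
import struct
import time

# Published RFC 4226 / RFC 6238 test seed, used here as sample data (not a real secret).
RFC_SEED = b"12345678901234567890"
STEP = 30  # seconds per time step, the common default


def totp(seed, at, digits=6):
    """Derive the TOTP code (HMAC-SHA1) for the time step containing `at`."""
    counter = struct.pack(">Q", max(int(at), 0) // STEP)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class TotpVault:
    """Hypothetical vault: seeds go in, only codes and yes/no answers come out."""

    def __init__(self):
        self._seeds = {}

    def enroll(self, name, seed):
        self._seeds[name] = seed

    def code(self, name, at=None):
        return totp(self._seeds[name], time.time() if at is None else at)

    def verify(self, name, candidate, at=None, window=1):
        """Accept the current step plus `window` steps either side (clock drift)."""
        at = time.time() if at is None else at
        ok = False
        for drift in range(-window, window + 1):
            expected = totp(self._seeds[name], at + drift * STEP)
            # Constant-time compare; no early exit on a match.
            ok |= hmac.compare_digest(expected.encode(), candidate.encode())
        return ok


if __name__ == "__main__":
    vault = TotpVault()
    vault.enroll("demo", RFC_SEED)
    print("code now:", vault.code("demo"))
    print("accepted:", vault.verify("demo", vault.code("demo")))
```

The `window` parameter is the trade-off to watch: each extra step tolerates more clock drift but also keeps an observed code valid for longer.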

We said that this is blurry – how so? If you can store a password, key, certificate, or token, then, what the heck, we might want to vault entire files. The files could be configuration files. Or perhaps they are documentation, or an MP3 or movie collection. It’s this very versatility and flexibility that makes for a slippery slope. The subject matter can then slide into whatever you need it to be. I can’t help that. You should be aware of the slide. 🙂

Having said that, let’s briefly outline some providers:

  • HashiCorp – Vault
  • CyberArk
  • LastPass
  • Password1
  • Norton Password Manager
  • Bitwarden

The devil, as they say, is in the details. The questions can vary, starting with: is this an onsite solution or a cloud-based solution? Are there backups? Who controls the keys and encryption? Can I have replication? Can I have a hybrid onsite + cloud solution that is synced? Can I store files? Can I integrate access with a PAM or other identity management tools?

Identity management tools are a slippery slope, as they provide a directory service or link to a directory service. Verification can then be granular, based even on profiles (geography, time, phase of the moon).