Ask HN: How To: Store and share passwords in a company?

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

  1. pass-import

    A pass extension for importing data from most existing password managers

    I can only say that using pass (https://www.passwordstore.org/) is an absolute nightmare, in case anyone would consider that.

    It seems like perfect simplicity built on time-tested cryptography: store pgp-encrypted files in a git repository. We already had an internal git server and used PGP internally, it was the perfect marriage. The tool provides the common functions like selecting which colleagues to encrypt for, finding an entry and copying it to clipboard... but think of the moment your organization changes. Everyone has access to everything offline, which is great if you need it during downtime, but also you'd need to rotate all credentials (probably dozens or hundreds of entries) whenever someone leaves. Re-encrypting everything to remove an old key is pointless because the git history will provide an attacker with whatever version they need.

    Offline access is useful for selected credentials but, to avoid unnecessary rotations, should not be the default unless you're a sysadmin on the disaster recovery team.

    Skimming the recommendations, so far there are no tools mentioned that don't require maintaining another service or that can't read your data. At least pass had that going for it.
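The git-history point above is checkable. Added example (not pass's or pass-import's own code): a rotation audit that walks every committed version of every `.gpg` entry in a pass store, reads the OpenPGP recipient key IDs from each version, and lists the entries a departed key could ever have decrypted. It assumes `git` and `gpg` are on PATH and a store path plus key ID on the command line; the embedded packet listings are constructed samples with fake key IDs.

```python
"""Rotation audit for a pass store (added example; not pass's own code).
Lists the recipients of every historical version of each *.gpg entry in git;
an entry needs rotation if the departed key could decrypt any version.
Assumes `git` and `gpg` on PATH."""
import re
import subprocess
import sys
from pathlib import Path

# `gpg --list-packets` prints one such line per recipient of the session key.
KEYID_RE = re.compile(r":pubkey enc packet:.*?keyid ([0-9A-F]{16})")

def recipients_from_packets(packets: str) -> set[str]:
    """Recipient key IDs named in a `gpg --list-packets` listing."""
    return set(KEYID_RE.findall(packets))

def entries_needing_rotation(history: dict[str, list[str]], departed_key: str) -> list[str]:
    """history: entry name -> packet listing of every historical version of it."""
    return sorted(entry for entry, versions in history.items()
                  if any(departed_key in recipients_from_packets(v) for v in versions))

def git(store: Path, *args: str) -> subprocess.CompletedProcess:
    return subprocess.run(["git", "-C", str(store), *args], capture_output=True)

def historical_versions(store: Path, entry: str) -> list[str]:
    """Packet listing of each committed version of `entry` (re-encrypted or deleted ones too)."""
    shas = git(store, "log", "--all", "--format=%H", "--", entry).stdout.split()
    listings = []
    for sha in shas:
        blob = git(store, "show", f"{sha.decode()}:{entry}")
        if blob.returncode == 0:  # the commit may be the one that deleted the entry
            gpg = subprocess.run(["gpg", "--list-packets", "--list-only"],
                                 input=blob.stdout, capture_output=True)
            listings.append(gpg.stdout.decode(errors="replace"))
    return listings

def audit_store(store: Path, departed_key: str) -> list[str]:
    names = git(store, "log", "--all", "--name-only", "--format=").stdout.decode().split("\n")
    entries = sorted({n for n in names if n.endswith(".gpg")})  # every path that ever existed
    return entries_needing_rotation({e: historical_versions(store, e) for e in entries}, departed_key)

# Constructed sample listings (fake key IDs): v1 was encrypted to two keys, v2 was
# re-encrypted to only the first after the second colleague left.
SAMPLE_V1 = (":pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA\n\tdata: [2048 bits]\n"
             ":pubkey enc packet: version 3, algo 1, keyid BBBBBBBBBBBBBBBB\n\tdata: [2048 bits]\n")
SAMPLE_V2 = ":pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA\n\tdata: [2048 bits]\n"
SAMPLE_HISTORY = {"prod/db.gpg": [SAMPLE_V2, SAMPLE_V1], "dev/sandbox.gpg": [SAMPLE_V2]}

if __name__ == "__main__":
    print("\n".join(audit_store(Path(sys.argv[1]), sys.argv[2].upper())))
```

On the constructed history, `prod/db.gpg` is flagged for key `BBBBBBBBBBBBBBBB` even though its current version no longer names that key, which is exactly why re-encrypting alone does not remove the need to rotate.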

  3. dbchaos

    Stress-test your database with pre-defined queries

    While building Adaptive (https://adaptive.live), I have been working very closely with regulated industries, financial institutions, and healthcare orgs. Traditionally, people have been using CyberArk to do identity management, paired with Privileged Access Management.

    There are some modern Privileged Access Management platforms like StrongDM, Teleport, us, and a few more in the market that work well with cloud and modern application architectures.

    There is debate in the industry whether access should be given or not. There are pros and cons to either. This purely depends on the culture of the org in my opinion. But in a scenario where you really have to give access, it should have the least privilege, and it should be time bound. Also, all the operations should be audited and recorded.

    I believe you should have zero standing access in the org, but there are always use cases like data repair and administration where you have to give access to users. In that scenario, the access should be limited, time bound, and audited. Also, you have to make sure you run access review campaigns and checks for over-privileged or unused users.

  4. KeePass2.x

    unofficial mirror of KeePass2.x source code

    https://keepass.info and share the database file on a shared folder or sync it somehow.

  5. direnv-1password

    1Password helpers for direnv

    Most services are connected through SSO, so those won't have passwords and are automatically shut down when the user leaves the company.

    All employees also have a 1Password account in which we can store individual passwords for the services that are not connected through SSO.

    For some services we only have a single token/service account which we need to share within the team. Often they were stored in a `.env` file, but that tends to be a burden for onboarding and quite a bit of maintenance for each individual.

    Within my current team we share them using direnv and https://github.com/tmatilai/direnv-1password. Nothing gets stored on disk; they are loaded into the shell on the fly. Developers use their fingerprint to unlock 1Password whenever they enter the project directory to load the secrets.

    People leaving the team still require manual password rotation, but at least this way not everyone in the team needs to update their `.env` file.

  6. infisical

    ♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

    You might want to take a look at Infisical (https://infisical.com)

  7. PasswordPusher

    🔐 Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs.

    Other than the popular password managers mentioned you can try Password Pusher [0]. It's open source, can be self-hosted, and has options like expire link after n loads or days.

    [0] https://github.com/pglombardo/PasswordPusher

  8. Polykey

    Polykey Core Library

  10. Polykey-CLI

    Polykey CLI - Open Source Decentralized Secret Sharing System for Zero Trust Workflows

  11. js-id

    ID generation for JavaScript & TypeScript Applications

  12. sso-wall-of-shame

    A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
