Ask HN: How do you handle sensitive information (passwords, SSH keys, etc.)?
I'd like to get some ideas of proper procedures for handling sensitive information of your company. Something like: how do you store your SSH keys, who can access those and how, how are they backed up, where are they stored?
Basically I'd like to prepare detailed procedure (checklist?) that would lower the possibility of losing this kind of important data.
4 comments
[ 3.3 ms ] story [ 20.6 ms ] thread1. All sensitive information is encrypted.
2. SSH keys are password protected.
3. I store passwords in LastPass, with a unique master password.
4. SSH keys are stored on my own computer and backed up with Dropbox.
Point #4 is obviously the weakest link, so I am looking to change that. However, so far, Dropbox's ubiquity justifies it. When my laptop died, I was able to download setup a new development machine in minutes.
For SSH keys, tax returns, other sensitive documents: True Crypt volume http://www.truecrypt.org/