Ask HN: How do you handle sensitive information (passwords, SSH keys, etc.)?

5 points by miGlanz ↗ HN
I'd like to get some ideas of proper procedures for handling sensitive information of your company. Something like: how do you store your SSH keys, who can access those and how, how are they backed up, where are they stored?

Basically I'd like to prepare detailed procedure (checklist?) that would lower the possibility of losing this kind of important data.

4 comments

[ 3.3 ms ] story [ 20.6 ms ] thread
I'm working on a two-man project.

1. All sensitive information is encrypted.

2. SSH keys are password protected.

3. I store passwords in LastPass, with a unique master password.

4. SSH keys are stored on my own computer and backed up with Dropbox.

Point #4 is obviously the weakest link, so I am looking to change that. However, so far, Dropbox's ubiquity justifies it. When my laptop died, I was able to download setup a new development machine in minutes.

Passphrase-protected SSH keys on an encrypted disk. The latter is key - it makes mistakes so much less likely.