Ask HN: what do you use for shared PW storage?

4 points by rynop ↗ HN
What does your team/startup use for secure+encrypted, shared secret info (like PW) storage? I'm looking for something that is role based or has the ability to explicitly give user X access to asset Y. Example I have a pingdom.com l/p that I 3 of my co-workers to be able to use.

I don't mind hosting the tool. I've found https://www.passpack.com/online/ but am hesitant to trust someone else with my sensitive data.

7 comments

[ 3.3 ms ] story [ 27.1 ms ] thread
KeePass + DropBox (soon moving to KeePass + Git due to write access errors with dropbox).
I'm not seeing anything on http://keepass.info/ that says that keepass can apply roles/permissions on specific passwords. (Grant user1 view access to a particular account/password). How do you do that?
KeePass + SVN
I'm not seeing anything on http://keepass.info/ that says that they can apply roles/permissions on specific passwords. (Grant user1 view access to a particular account/password). How do you do that?
My team uses Passpack, but I found a few self-hosted solutions previously. I didn't test them, though.

TeamPass: A PHP app. Hosted or downloadable. http://www.teampass.net/

WebPasswordSafe: A Java web app. Uses Password Safe databases. https://code.google.com/p/webpasswordsafe/

corporatevault: A Grails web app. http://sourceforge.net/projects/corporatevault/

Clipperz: A JavaScript web app. Hosted or downloadable. Sharing support coming soon. http://www.clipperz.com/support/user_guide/sharing

I would really like to use a hosted solution, but I'm so hesitant to trust them. What got you over that hump? Do they have any sort of agreement in place if they leak you data, or do you sign your rights away at acct creation time?

Curious is there anything you don't you like about passpack?