Ask HN: How do you manage your secrets (gpg keys, etc)

5 points by codemac ↗ HN
Hi!

I've been getting a lot more into using git-annex[0], and I was thinking about the best policies for my personal secrets, as I want to encrypt and distribute my data everywhere now that I have a tool to do it. Currently I'm using LastPass + a usb drive of gpg private subkeys (mostly online) + print outs of revocation keys + another usb key with the master key (only use offline)

What software are you using?

e.g.: 1Password, KeePass, LastPass, gpg -d passwords.txt | grep ycombinator, dropbox with stealmystuff.txt..

What hardware are you using?

USB keys, yubikey, mobile phone 2fa, paper and pen, printers.

Just curious what the current best practices are, and what things have worked on the longest timescales.

[0]: https://git-annex.branchable.com/

6 comments

[ 3.4 ms ] story [ 21.4 ms ] thread
Password safe for websites and I just memorise the password for that, my gpg key, and my ssh keys. I'm sure the ones I have memorised are not as secure as they should be but they are stored on my PC so if someone has access I have bigger problems.
I store them as secure notes, or attachments in secure notes, using 1Password. I'm quite happy with it so far.
What software are you using? LastPass

What hardware are you using? mobile phone 2fa

I have a decent size passphrase that I change every 3 months. I store the back up keys for my gmail and dropbox account in my personal safe. I also have a Truecrypt container for storing sensitive information like a backup of my LastPass db. LastPass is very convenient but storing it in the cloud makes me wonder if there is a backdoor for gov.

Lastpass, Boxcryptor
Lastpass, KeepassX and `tar czf --to-stdout diroffiles/ | gpg -c -o thing.tar.gz.gpg`