I'm facing a challenge with storing critical infrastructure secrets that are too sensitive for regular password managers. I'm looking for long-term secure storage options for things like backup encryption master keys, root CA private keys, and emergency access credentials. These secrets are crucial for safeguarding a lot of irreplaceable data but can't be rotated easily. I'd love to hear your strategies on managing these types of secrets and if anyone else is using mathematical secret sharing techniques for distributed security. What methods do you recommend?
2 Answers
I go old school with printed cards and stickers, and I lock them up in a safe. It's simple but effective for long-term storage of critical information. Always have a backup plan for the unexpected, too!
For critical infrastructure, securing your secrets should be top priority. Some places use high-security rooms with mantraps and round-the-clock armed guards. It's a hefty investment, but definitely something banks and major institutions do. However, most of us don't have that kind of access. Using techniques like Shamir's Secret Sharing could really help level the playing field for smaller outfits without breaking the bank.
Exactly! Secure facilities work for those with unlimited budgets, but for the rest of us, distributed approaches like Shamir’s Secret Sharing provide a solution without needing military-grade security.