I'm curious about the best practices for keeping track of local administrator account credentials for various appliances and systems. While many of our daily accounts use domain or SSO authentication, there's still a need to document local credentials, especially for emergency (or 'break glass') accounts. Given that multiple team members may need access to these credentials for certain updates or operations, what methods do you all use to document and share this information securely?
5 Answers
A password manager works great for sharing passwords across the team. At a previous job, we used LastPass to rotate break glass account credentials monthly and store them safely. It really streamlined our process.
We're still on an encrypted spreadsheet which is a bit dated. We're looking to upgrade soon, but I know some teams that manage everything through dedicated tools like Keeper and Secret Server.
LAPS is great for Windows servers, but I think having a comprehensive PAM solution is crucial for anything else, especially for non-Windows systems. We use Devolutions to manage a lot of our credentials.
For anything that's not domain-joined, we rely heavily on Bitwarden and a password vault to manage our credentials. It's essential to have a backup plan in place!
We use IT Glue for documentation, and we also implement LAPS to manage our local admin accounts. It's a solid setup that keeps everything organized and secure.
Totally agree! We do something similar, only now we use Bitwarden. It handles shared access well, plus the secure send feature is a lifesaver!