How to store security credentials in a database

1.1k views Asked by At

I'm working on a CMDB like application, where I have to store our security credentials (servers usernames & passwords, ...).

I'm looking for the best way to store them securely with those constraints :

  • Most users will NOT have access to all credentials (depending on user role)
  • We don't want all passwords being encrypted with the same key (already tried : when a user leave the company, it's a pain to change the key...)
  • Indeed, we don't want any private key to be hard written in app source, or even stored anywhere (in our previous version, private key was stored between our ears...)
  • We need to realize passwords strength audits (ie. parse decrypted passwords from a script)
  • There must not be any case where we can not access our credentials anymore (lost key, ...) => we don't want unauthorized persons to look at them but we don't want to loose them either => solution for this constraint could be regular export into a physical locker...

I'm not asking about application (https, ...) or database (no public access, ...) security concerns themselves but only about the storage side (could even NOT be in a database...? encrypted files or something...) : Is it possible to prevent someone, even having access to app code or database content (worst case scenario), to be able to read decrypted credentials ?

I'm aware that I'm asking for some magic solution, but I want to know it if it exists ;o)

1

There are 1 answers

3
Billy ONeal On BEST ANSWER

The general case of what you're asking to do is not possible. All types of modern cryptography are mechanical advantage. That is, they use a small secret to guard a larger secret. If you can't keep the small secret safe, there is no safety. If you want the ability to give passwords on a password by password basis to someone, you are effectively giving them the secret -- the passwords -- that they would need to gain access to the items in question.

This very problem is why federated identity systems (Kerberos/Active Directory/etc.) systems exist -- to allow a central machine to authenticate users without exposing secrets to said users. But using a federated identity system requires cooperation between the system-to-be-logged-in-to and the identity service.