Ask HN: How are teams sharing secrets?
What's the best way your team has found to manage secrets for things like db passwords, admin login credentials, etc.?

94 comments on a similar discussion two weeks ago: Ask HN: How are credentials managed at your company?
https://news.ycombinator.com/item?id=12396883

Instead of requiring only a password, it is better to use two-factor authentication.

2FA doesn't work so great for Postgres.

You can do stuff with GSSAPI / Kerberos. Or, if you consider that 2FA, you can use client certificates in addition to passwords. Interactive 2FA probably imo doesn't make that much sense for a database.

Yep, that's what I'm trying to say. :)

The "team secret sharing problem" usually refers to "how do we manage all the API and backend secrets we need to deploy and test a new instance, without having everyone shlepping them around on their dev laptops, and without ending up in a mode where the loss of one server equates to the loss of every instance in the environment."

Well, Kerberos isn't a bad answer for that. But it's way too annoying to set up :/