How do you manage team passwords?
We are using, in one ops team, a central KeePass for external web services. This creates a lot of effort when an employee leaves the company. Basically we need to change all passwords. How do you handle this?

Well, if you cannot trust your leaving employee to keep his confidentiality agreement - you have one, right? - then you will need to change all passwords. I do not see how this has anything to do with how you store the passwords in the first place. If the problem is that he sees more passwords than necessary, why not have multiple KeePass databases?

Encrypted 7-zip with an encrypted KeePass file inside, stored on a highly audited and logged PCI server. Certainly not in a cloud service, as that puts the creds in a 3rd party data processor. Creds rotated as people move around.

We have a local file server with KeePass. It's not great: we have problems with one person locking the file so that no one else can save details to it. I want to switch to something like Syncthing so everyone gets a local copy that's kept in sync; I'm hoping this will fix the locking issue. We have too many accounts to change when someone leaves, so we just change them all once a year.

We use LastPass Enterprise with 2FA to share relevant credentials with the required groups. We avoid services that don't support multiple users and two-factor authentication.

I've used EnvKey for a few side projects that involved collaborators.

Excel spreadsheet on a highly secure, intranet-only SMB share. Not even joking.

The equivalent of a post-it note stuck on the side of the monitor with the pass written on it.

Google Docs here and with the last company. Not joking either. Secure Excel sheet is better :(

Then again, we're quite paranoid Google already has a lot of our passwords. Sometimes we take photos of IP addresses and passwords and it gets into Google Photos because of someone's phone camera settings.

Do we work at the same place?

Keybase + Bitwarden

Curious, what does Keybase have to do with it?