ehhop / ehhapp-twilio

Twilio implementation of the ehhop-phone tree

Encrypt config.py and keep master password off server #20

Closed ryananeff closed 8 years ago

ryananeff commented 8 years ago

Could be a different way of securing this, not sure what the level of paranoia we need to take is.

Restarts of the server should require decrypting passwords using a master password kept off of the server OR a keypair like GPG that a user would have to input. Variables should then be stored in memory somewhere secure, like in Python in-memory variables. Entering the master password should not be automated but should be set up to immediately notify whoever is responsible for doing that.

This way, even with a complete copy of all files on the droplet, there is no possible way to decrypt data unless memory was dumped somehow.

TODO: Reliability, how to keep this simple
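An added example, not part of the original thread and not the project's code: one way to do the decrypt-at-restart step proposed above. It assumes the settings are stored as an encrypted JSON blob, the key is derived from the master password with scrypt, and encryption uses Fernet from the third-party `cryptography` package; the function names, the setting name and the sample values are hypothetical.

```python
import base64
import getpass
import hashlib
import json
import os

from cryptography.fernet import Fernet, InvalidToken  # third-party: pip install cryptography

# scrypt cost parameters (assumed values; about 16 MiB of memory per derivation)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)


def _derive_key(master_password: str, salt: bytes) -> bytes:
    """Stretch the master password into the 32-byte urlsafe-base64 key Fernet expects."""
    raw = hashlib.scrypt(master_password.encode(), salt=salt, **SCRYPT)
    return base64.urlsafe_b64encode(raw)


def encrypt_config(settings: dict, master_password: str) -> bytes:
    """Run this off the server; only the returned blob is deployed."""
    salt = os.urandom(16)
    token = Fernet(_derive_key(master_password, salt)).encrypt(json.dumps(settings).encode())
    return base64.b64encode(salt) + b"." + token  # "." is in neither base64 alphabet


def decrypt_config(blob: bytes, master_password: str) -> dict:
    """Authenticate and decrypt the blob; the plaintext lives only in the returned dict."""
    salt_b64, token = blob.split(b".", 1)
    key = _derive_key(master_password, base64.b64decode(salt_b64))
    try:
        return json.loads(Fernet(key).decrypt(token))
    except InvalidToken:
        raise ValueError("wrong master password or modified config blob") from None


def load_at_startup(path: str) -> dict:
    """Call once at server start: an operator types the password; it is never stored on disk."""
    with open(path, "rb") as fh:
        blob = fh.read()
    return decrypt_config(blob, getpass.getpass("Master password: "))


if __name__ == "__main__":
    # Constructed sample values, not real credentials or the project's setting names.
    blob = encrypt_config({"twilio_auth_token": "constructed-token"}, "constructed master password")
    print(decrypt_config(blob, "constructed master password"))
```

A copy of the server's files yields only the salt and ciphertext, so recovering the settings still requires the master password or a dump of process memory.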

ryananeff commented 8 years ago

Also thinking of using this: https://pypi.python.org/pypi/keyring

hukevinxiaochen commented 8 years ago

Interesting... Just some extra reading links for myself I'm going to drop here if anyone else is interested.

secretstorage, Secret Service

ryananeff commented 8 years ago

Implemented as of 3/15/16