
Secure Cross-Platform Password Management with Passw3rd

Passw3rd is a robust cross-platform, cross-language password management tool designed for applications. It helps developers keep passwords out of code and configuration files by storing them in encrypted files that can be safely checked into version control. With features for generating, creating, and verifying password files, Passw3rd simplifies password rotation and key management without compromising security, especially for production environments. Explore the GitHub repository for more information and implementation details.

devika

Presentation Transcript


  1. Passw3rd Neil Matatall @nilematotle oreoshake

  2. What is it?
     • Cross-platform, cross-language password management for applications
     • Keeps passwords out of code and configuration files, but keeps them in encrypted files that can be checked into version control
     • Keys for dev/test can be checked in, but prod keys must be protected

  3. Give me the run down
     • Generate keys:
         $ passw3rd -g <-k path>
         generated keys in /Users/neil (creates .passw3rd-encryptionIV and .passw3rd-encryptionKey)
     • Create a password file:
         $ passw3rd -e file_name <-p path> <-k path>
         Enter the password:
         Wrote password to /Users/neil/file_name
     • Verify the password can be retrieved:
         $ passw3rd -d file_name <-p path> <-k path>
         The password is: asdf

  4. Business model

  5. Phase 3: Profit
     • Need a password rotation?
         • Fine, just create a new password file for the affected accounts
     • Need a new server?
         • Just make the keys part of your build script
     • Need to rotate your key?
         • Trivial, decrypt with the old, encrypt with the new
     Wait, hold on a second you can’t change… oh yeah that sounds like a good idea…

  6. Questions?
     https://github.com/oreoshake/passw3rd
     https://github.com/oreoshake/passw3rd_java
     http://rubygems.org/gems/passw3rd
     https://www.owasp.org/index.php/OWASP_Passw3rd_Project#tab=Project_About
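
The key rotation from slide 5 ("decrypt with the old, encrypt with the new"), written out as an added example that is not part of the presentation or the passw3rd code base. It assumes OpenSSL 1.1.1 or later as a stand-in for passw3rd's own cipher and file format, a single key file, and a directory holding one encrypted file per password; the function names are hypothetical.

```shell
#!/bin/sh
# Added illustration: openssl stands in for passw3rd's own cipher and file
# format, and the "one key file, one directory of password files" layout is
# an assumption made for this sketch.
set -eu

# gen_key FILE: write a random 256-bit secret, readable by the owner only.
gen_key() {
  ( umask 077; openssl rand -hex 32 > "$1" )
}

# crypt -e|-d KEYFILE: filter stdin to stdout. The key is read from the file
# (-pass file:), so it never shows up in the process list.
crypt() {
  openssl enc -aes-256-cbc -pbkdf2 -a "$1" -pass "file:$2"
}

# rotate_all STORE OLDKEY NEWKEY: re-encrypt every password file in STORE.
rotate_all() {
  local store="$1" old="$2" new="$3" f tmp plain
  for f in "$store"/*; do
    [ -f "$f" ] || continue
    # Decrypt with the old key; plaintext stays in memory, not on disk.
    plain=$(crypt -d "$old" < "$f") || {
      echo "cannot decrypt $f with the old key, left unchanged" >&2
      return 1
    }
    tmp=$(mktemp "$f.XXXXXX")
    # Encrypt with the new key, then prove the new file decrypts to the same
    # value before it replaces the original.
    if printf '%s' "$plain" | crypt -e "$new" > "$tmp" &&
       [ "$(crypt -d "$new" < "$tmp")" = "$plain" ]; then
      mv "$tmp" "$f"      # rename within one directory is atomic
    else
      rm -f "$tmp"
      echo "re-encryption of $f failed, left unchanged" >&2
      return 1
    fi
  done
}
```

Once `rotate_all` returns 0 the old key no longer opens any file in the store, so it can be retired; copies of the old ciphertext in version-control history remain readable with the old key.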
