Secrets Management
Notes on how secrets management should be approached.
Secrets Management
Policies should define how secrets are stored, communicated, and protected, and those policies should be followed. Storage, retrieval, and access to secrets should be simple and secure. Passwords should be stored encrypted (in a password manager the vault contents are end-to-end encrypted, so even the server operator cannot read them) and be accessible only to the people who need them.
Vaultwarden is a free, open source, unofficial implementation of the Bitwarden server API. It works with the official Bitwarden clients and supports most of Bitwarden's organization features (organizations, collections, and user invitations), so individual users can be quickly and easily added and removed with access controls in place.
Secrets management goes beyond passwords. A secret can be any note or document that must be kept confidential and out of view of the general public.
Vaultwarden
A temporary instance of Vaultwarden has been set up at vault.mountainviewbaptist.cloud and will be turned over to the church when ready. Anyone with admin rights over the organization can invite users to the instance. Secrets are added to collections within the organization, and users without admin rights can see only the collections they have been granted access to (grant access per collection rather than giving a user access to all collections). Most users will not have edit rights to secrets, and users cannot self-register accounts on the instance; access is by invitation only.
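Vaultwarden is configured through environment variables, and the invitation-only behaviour described above depends on a few of them being set correctly. The following is an added example, not code from these notes or from the Vaultwarden project: a POSIX shell pre-deployment lint that reads the instance's env file and rejects the settings that would undermine the policy (open sign-ups, a plain-text admin token, no TLS, anyone allowed to create organizations), with a constructed weak env file beside a hardened one. The setting names are real Vaultwarden settings; the file contents, the `vault.example.internal` host, the `admin@example.org` address, and the argon2 placeholder are constructed for the example.

```shell
#!/bin/sh
# Added example (not from these notes or the Vaultwarden project): a lint for
# the env file that configures a Vaultwarden instance. The settings checked
# (DOMAIN, SIGNUPS_ALLOWED, INVITATIONS_ALLOWED, ADMIN_TOKEN, DISABLE_ADMIN_TOKEN,
# ORG_CREATION_USERS) are real Vaultwarden settings; file contents, hosts,
# addresses and the argon2 placeholder below are constructed.

# Print the last value assigned to KEY in env file FILE (empty if unset).
env_get() { # usage: env_get FILE KEY
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Lint FILE against the policy in these notes: invitation-only accounts, a
# hashed admin token, HTTPS only, and organization creation limited to the
# administrator. Prints one line per violation; returns the violation count.
vw_check_env() { # usage: vw_check_env FILE
    file=$1; bad=0
    if [ "$(env_get "$file" SIGNUPS_ALLOWED)" != "false" ]; then
        echo "SIGNUPS_ALLOWED must be false: otherwise anyone who can reach the URL can register"
        bad=$((bad + 1))
    fi
    if [ "$(env_get "$file" INVITATIONS_ALLOWED)" = "false" ]; then
        echo "INVITATIONS_ALLOWED=false would stop organization admins from inviting users"
        bad=$((bad + 1))
    fi
    # An unset ADMIN_TOKEN disables the /admin page, which is acceptable; a set
    # token must be an argon2 PHC string (generate one with: vaultwarden hash).
    tok=$(env_get "$file" ADMIN_TOKEN)
    case "$tok" in
        '') ;;
        '$argon2'*) ;;
        *) echo "ADMIN_TOKEN is stored in plain text; use an argon2 hash"; bad=$((bad + 1)) ;;
    esac
    if [ "$(env_get "$file" DISABLE_ADMIN_TOKEN)" = "true" ]; then
        echo "DISABLE_ADMIN_TOKEN=true exposes the /admin page without authentication"
        bad=$((bad + 1))
    fi
    case "$(env_get "$file" DOMAIN)" in
        https://*) ;;
        *) echo "DOMAIN must be an https:// URL; serve the vault only over TLS"; bad=$((bad + 1)) ;;
    esac
    orgs=$(env_get "$file" ORG_CREATION_USERS)
    if [ -z "$orgs" ] || [ "$orgs" = "all" ]; then
        echo "ORG_CREATION_USERS should list only the administrator; the default lets any user create organizations"
        bad=$((bad + 1))
    fi
    return "$bad"
}

# Constructed weak configuration: open sign-ups, plain-text admin token,
# no TLS, and any user allowed to create organizations.
write_weak_env() { # usage: write_weak_env FILE
    cat >"$1" <<'EOF'
DOMAIN=http://vault.example.internal
SIGNUPS_ALLOWED=true
INVITATIONS_ALLOWED=true
ADMIN_TOKEN=changeme
DISABLE_ADMIN_TOKEN=false
ORG_CREATION_USERS=all
EOF
}

# Constructed hardened configuration for the instance described above.
# The ADMIN_TOKEN value is a placeholder in argon2 PHC format, not a real hash.
write_hardened_env() { # usage: write_hardened_env FILE
    cat >"$1" <<'EOF'
DOMAIN=https://vault.mountainviewbaptist.cloud
SIGNUPS_ALLOWED=false
INVITATIONS_ALLOWED=true
ADMIN_TOKEN=$argon2id$v=19$m=65540,t=3,p=4$cGxhY2Vob2xkZXJzYWx0$cGxhY2Vob2xkZXJoYXNo
ORG_CREATION_USERS=admin@example.org
EOF
}

# Stand-alone demo: write both constructed files to a temp dir and lint them.
tmpdir=$(mktemp -d)
write_weak_env "$tmpdir/weak.env"
write_hardened_env "$tmpdir/hardened.env"
for name in weak hardened; do
    echo "== $name.env"
    n=0; vw_check_env "$tmpdir/$name.env" || n=$?
    echo "$n violation(s)"
done
rm -rf "$tmpdir"
```

The check treats an unset `ADMIN_TOKEN` as acceptable because it simply disables the admin page; what it refuses is a token stored in clear text or an admin page with its authentication turned off. If the values are placed in a compose file's `environment:` section instead of an env file, the `$` characters in the argon2 string have to be escaped as `$$`.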
Secret levels
- Media
  - This is the lowest level of secret.
  - Accounts the Technical Team needs for sound and streaming.
- Admin
  - A more limited access list.
  - Includes accounts that can pay bills or change the way things are set up.
- Super User
  - The most limited access list.
  - Should include the Technical Administrator, the Pastor, and one or two deacons.
  - Accounts that control domains, servers, and/or software.
  - Accounts that have unlimited access to the system they are for.