
Decide on 1Password Strategy

We need to determine the best strategy for using 1Password to securely share sensitive information, such as passwords and integration keys, with individuals and teams during engagements with Cloud Posse. This decision aims to ensure a secure and efficient method for exchanging secrets while considering compatibility with AWS root account credentials.

Problem

We need a secure (cryptographic) way to share sensitive information (e.g. passwords, integration keys, credit card numbers, etc.) with individuals and teams. Ideally, the solution works with AWS so we can secure root account credentials.

1Password is a great choice for sharing secrets with teams. The downside is that it doesn't support a cryptographically secure means of sharing secrets with individuals. It also does not integrate with Terraform.

Please see Decide on MFA Solution for AWS Root Accounts for additional context on why we recommend 1Password.

Supported Options

Caution: During the course of your engagement with Cloud Posse, we require using 1Password as the secrets storage for exchanging secrets between teams. The customer is free to use whatever system they prefer internally and copy secrets out of 1Password.

You can share a private vault with our team for the duration of this engagement.

Use Cloud Posse’s 1Password (Temporary Alternative)

We can share a private vault with your team for the duration of this engagement. That way your company can work on procuring the best solution for your team. We recommend this approach if your team does not already have a viable solution and procurement of 1Password will delay the engagement.

Excluded Options

PGP / GPG / PKE

Public Key Encryption is a great way to securely exchange secrets, but it's overly complicated for non-engineers. Anything that’s complicated or not the path-of-least-resistance tends to lose in the long run.

Slack

Slack does not provide any secure means of exchanging secrets. It should not be used.

LastPass

LastPass does not provide a means for shared TOTP, so we cannot work in a collaborative environment.