> You'll need to share the decryption key (e.g. via 1password shared vaults). No... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mtarnovan on Sept 26, 2024 \| parent \| context \| favorite \| on: Ask HN: What tools should I use to manage secrets ... > You'll need to share the decryption key (e.g. via 1password shared vaults). Not really. It also supports keeping the symmetric decryption key encrypted with the GPG key of each added user (and handles this automatically). This is the default behavior. What you're saying also works (quoting from readme, emphasis mine: "Alternatively, you can export a symmetric secret key, which you must securely convey to collaborators."), but feels worse from a security point of view.

starwatch on Sept 26, 2024 [–]

True on all counts. I never got the GPG approach working - though admittedly I didn't put too much effort into figuring it out.

Refalm on Sept 27, 2024 | [–]

Implementation is easy. Getting people to understand GPG is another thing entirely.

natch on Sept 27, 2024 | | [–]

Because they have trouble wrapping their head around public / private keys? Or something else?

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact