One of the biggest digital assets that any company has is its secrets. These include passwords, key rings, certificates, and any other digital asset used to protect another asset from tampering or unauthorized access.
Digital World, Digital Locks
As a DBA, you are very likely to manage some of these assets for your company – and your employer trusts you with keeping them safe. Probably one of the most important of these assets are passwords. As you well know, the can be used anywhere: for service accounts, credentials, proxies, linked servers, DTS/SSIS packages, symmetrical keys, private keys, etc., etc.
Have you given some thought to what you’re doing to keep these passwords safe? Are you backing them up somewhere? Who else besides you can access them?
Good-Ol’ Post-It Notes Under Your Keyboard
If you have a password-protected Excel sheet for your passwords, I have bad news for you: Excel’s level of encryption is good for your grandma’s budget spreadsheet, not for a list of enterprise passwords.
I will try to summarize the main point of this best practice in one sentence: You should keep your passwords on an encrypted, access and version-controlled, backed-up, well-known shared location that every DBA on your team is aware of, and maintain copies of this password “database” on your DBA’s workstations.
Now I have to break down that statement to you:
– Encrypted: what’s the point of saving your passwords on a file that any Windows admin with enough privileges can read?
– Access controlled: This one is pretty much self-explanatory.
Continue reading on SQLBlog.com.