Password management
Ideally, we would have a hosted password manager such as bitwarden or 1password for all of our active volunteers. Sadly, that's too expensive so we work with a file-based solution.
KeePass vaults
If you are (co-)head of a local chapters and/or another team within CorrelAid (such as podcast, mentoring, ethics committee), you will get access to a password-protected KeePass database file (.kdbx
). This file is shared with only you and your collaborators via Google Drive. It will contain the login credentials for your shared Google account, e.g. konstanz@correlaid.org or podcast@correlaid.org as well as other relevant credentials.
What is KeePass?
KeePass is a free open source password manager, which helps you to manage your passwords in a secure way. You can store all your passwords in one database, which is locked with a master key. So you only have to remember one single master key to unlock the whole database. Database files are encrypted using the best and most secure encryption algorithms currently known (AES-256, ChaCha20 and Twofish).
(Source: https://keepass.info/index.html)
How can I access the password(s)?
You get the master password for the database file from either Isabel (local chapters) or Frie (other teams) via a secure channel. Please store this password safely, e.g. in your personal password manager (bitwarden is free!).
Download one of the KeePass clients
Download the database file - you can find it in the Shared Drive
08_vaults
.Open the file in your KeePass client. It will ask you for the master password. Once you have unlocked the database, you will be able to access the password(s) stored in there.
How do I add a new password/change a password?
Prerequesites: KeePass client (see above), master password (see above)
Optional but recommended: Sync Google Drive (Windows, Mac, Linux) to your personal laptop so that you have access to your Google Drive files via your file explorer.
Download the database file - you can find it in the Shared Drive
08_vaults
. Or find it in the synced folder if you have synced the Google Drive to your machine.Open the file in your KeePass client. It will ask you for the master password. Once you have unlocked the database, you will be able to access the password(s) stored in there.
Edit the entry you want to edit or add a new entry. Lock the database/save it (depending on client).
Upload the database file back to Google Drive or let sync do this for you.
While you are editing the file, other collaborators from your team must not edit the file at the same time. Given that teams typically don't handle many passwords, this should rarely be a problem. :)
Admin
How do I add a new vault?
make sure you have a keepass client downloaded (Recommended MacPass for MacOS)
create a new vault and create the items inside it. how you do that depends on your client.
secure the vault with a password, ideally a passphrase
share the vault file with your teammates, e.g. in your Google Drive Workspace. This is ok - the vault can only be decrypted with the password.
transmit the passphrase via a secure, encrypted communication channel (not Slack or telegram). For example, signal, whatsapp or via voice.
Last updated