
These safes are certified for all kinds of sensitive (GSA recommends them for Classified use from what I have read) use and they are safe.

Ideally, you connect Vault to an HSM if you need that kind of security that’s being described. HSMs are electronic safes.



> These safes are certified for classified use and they are safe.

The website says "10 minutes against forced entry". That's not safe.

No safe is safe against a state level actor. No safe is safe against "hit you with a crowbar until you open the safe".

Whatever secrets you have, it's better to hide them than to put them in such a conspicuous place. The only reason one should use a safe is as a plausible decoy...


This isn’t the safe to rule all safes. You have other mitigating factors like access control.

If you have state level actors physically breaking into your facilities then we might be at war.


If you have enough books (which don't even have to be that many), it's much better to store your secrets in one or more of the books.


Yea but you have multiple pieces of the secret to restart your Vault instance. Now you need to go to everyone’s office or home to get this secret to restore it.

I am referring to the Shamir algorithm that Vault uses.



