One of the things that my boss was excited to implement a few years back was passwords for our backups. Actually, we were using a third-party backup utility, like SQL Backup, for our SQL Server instances. We purchased the tool because of the compression, but the encryption feature was appealing to management in the wake of so many data loss reports in the media.
It seemed like a good idea, and we started to make plans for the backups. However, we quickly ran into a concern: how would we manage the passwords for the backups? After all, if we lost track of the passwords, then the backups couldn’t be restored, and that would be a problem. Keeping the same password forever was only slightly better than not having a password, given the turnover we had seen at the company.
We used Password Safe to track current administrative passwords for our team, and that worked well, but backups introduced the new dimension of time into our password storage. We wrestled with the problem and came up with a solution, but I thought it would make an interesting Friday poll:
How do you deal with key management across time?
This mostly applies to backups because most other systems or accounts only have one password at any given time. However, backups could exist for a long time, and even in a short period of time, you might have 3 or more passwords to manage. If you changed passwords one day and had an administrator quit the next day, you might end up with another change and 3 passwords across 3 days of backups.
I want to know if you’ve thought about this and how you deal with it, or if you ignore it, keep the same password, avoid encryption, or have any other ideas.