HACKER Q&A
📣 aaronrobinson

Where do you store secrets you can’t easily change if exposed


I’m using/leaving LastPass and, following the vault exposure, working my way through 100s of password changes. I realised when doing this that I have a bunch of stuff in LP that isn’t so easy to change, such as bank card details, word sets to recover access to 2FA-protected accounts, SSH keys and passphrases, root passwords, etc.

What are others using to store these types of secrets?

I’m moving to Bitwarden and although it may support secure notes I’d be interested to hear what others are doing.


  👤 seanhunter Accepted Answer ✓
On a personal basis I use “pass”[1] because I want something that is cross-platform on the OSes I care about, works well in the CLI and suits my needs, and I don’t care very much about having a browser extension or a super user-friendly experience or mobile support. I have a lot of scripts that are like

MYSECRET=$(pass somesecret | sed -n 3p) somescript

And then the script uses the secret from that specific line to do whatever it needs to do.

For work purposes most of our stuff is cloud based, so if a secret is needed by scripts then it goes in a cloud-based secrets manager (for us it’s AWS Secrets Manager or the secure parameter store thing, depending) and if it’s for humans then we use one of a couple of methods of sharing securely in teams.

[1] https://www.passwordstore.org/
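The "line N of a pass entry" pattern above breaks as soon as a line is added to the entry. As an added example (not from the thread and not part of pass itself), this script reads fields by name from the common "key: value" layout of a multi-line pass entry instead; the function names fetch_entry, pass_field and pass_password and the sample entry are constructed here, and when pass is not installed (or PASS_EXAMPLE_OFFLINE is set) it falls back to the constructed sample so it runs offline.

```shell
#!/bin/sh
# pass convention: line 1 of an entry is the password, later lines are free
# text. A common style is "key: value" lines, which pass_field() parses, so a
# script no longer depends on a field sitting on a fixed line number.

# Print the decrypted entry. Uses the real "pass" binary when available,
# otherwise a CONSTRUCTED sample entry so this example runs offline.
fetch_entry() {
    if [ -z "$PASS_EXAMPLE_OFFLINE" ] && command -v pass >/dev/null 2>&1; then
        pass show "$1"
    else
        printf '%s\n' \
            'correct-horse-battery-staple' \
            'login: alice' \
            'url: https://example.test' \
            'recovery: 1111-2222 3333-4444'
    fi
}

# pass_field ENTRY KEY: print the value of the first "KEY: value" line after
# the password line; exit status 1 if the key is absent. KEY is assumed to be
# a plain word (no regex metacharacters).
pass_field() {
    fetch_entry "$1" | awk -v k="$2" '
        NR > 1 && index($0, k ":") == 1 {
            sub("^" k ":[ \t]*", ""); print; found = 1; exit
        }
        END { exit found ? 0 : 1 }'
}

# pass_password ENTRY: the password is always the first line.
pass_password() {
    fetch_entry "$1" | head -n 1
}

# Hand a secret to a program on stdin rather than in argv or the environment,
# both of which other processes running as the same user can read (ps,
# /proc/PID/environ). The consuming program "somescript" is hypothetical:
#   pass_password banking/card | somescript --password-stdin
```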


👤 karthie_a
Long-term Bitwarden user, will keep calm and carry on.

👤 bhu1st
I have KeePass desktop. Not sure how secure it is.