top | item 29603947

(no title)

sig-io | 4 years ago

Yes, but this doesn't lock people out of decrypting old copies, it's git, they can rolllback to before their key was removed, and decrypt every old secret they had access tobwhich hasn't been rotated yet. The key-rotation on every employee-change is the hard part.

discuss

Xylakant|4 years ago

You have to assume in any case and for any password manager that they retain a decrypted copy - worst case manually copying the secret to a text file.