Master Password

27 Feb 2019

Website security is important, and even more so on a website which holds the keys to many different servers.

We generate unique keys for each server and encrypt the private keys before they are stored. Even so. we have to consider the worst case scenario - what if a hacker manages to get hold of the database and source code? To mitigate such a scenario we have added a Master Password feature.

A Master Password can be set from the Settings area and is used to encrypt all of your private keys. Once set, the next time you log in you will be prompted to enter your Master Password so that the keys can be decrypted during the session. Without the Master Password it would be very difficult for a hacker to decrypt the server keys even if they had access to the full source code and database.

It's very important not to lose your Master Password as it can not be recovered. If you lose it, then you would need to re-establish connections with each of your servers which while not catastrophic could be inconvenient.