[BBLISA] Systems for Organizing Shared Secrets

[Neil Schelly]

I'm curious what experience others have with systems for sharing
secure secrets in their orgs. We've got collections of private keys
for SSL certificates, SSH authentication sessions, AWS credentials,
and more.  They aren't all managed in a consistent fashion, which
means we've got different backup strategies and authentication
necessary to get to all of them, and of course none of it is as clean
as we'd like.

Does anyone here have any experience with systems that make it easy to
keep secrets hidden while still allowing access to those who need it?
I'd love a system that can turn into something to create and sign SSL
keys via a self-service interface too, down the road, but I'm mostly
trying to create an easy enough alternative to putting sensitive keys
into code repositories when they don't know any better.  It's hard to
tell people not to do that when the safe options really aren't very
good or very user friendly.

Thanks for any pointers!
-Neil