Single encrypted file

Hi there.
I need to create a encrypted file with all used passawords, and to grant access to some apps/scripts.
I'm currently leading with a system where credentials are scattered in the code,and consequently in plain text .
My objective is to create a single "repository" file and encripted.
Can you give me your opinion for the best/most secure way to do this?

 

I need some more information. Let me see if I follow and feel free to lash out if I miss the mark. You are looking for a means to encrypt a list of passwords that will be used alongside other scripting processes correct? Will these processes be to call the passwords to given programs/applications to log into? Is this for a database backend? Or personal use such as a simple excel/notepad file?

 

Exactly. It´s essencially DB credentials.
I got two diferent environments. One is based on windows, with perl scripts.
the other is unix based, and also with perl but mostly shellscripts.

My objective is to delete those credentials from plaintext files and to gather and encrypt then. After that I need to create(or hopefuly google it) a mechanism to read and decrypt those credentials. my first objective is to "clean" up the windows environment.

thanks

 

My little disclaimer I am by no means a database engineer though I did stay at a holiday inn express. My background is in network security, cyber forensics and penetration testing with some IA NIST 800 sprinkled ontop.

Encryption can indeed provide strong security for data at rest, but
you are going to have to take several factors into consideration such as:

Where is the encryption to be performed, (e.g. the database, or in the application calling the data?)
Who will have access to the encryption keys?
How much data must be encrypted?
What’s an acceptable trade-off between security and performance?

Once you have that answered my next question for you is, are you using any DMS? (Database Management Software) I know MS SQL server can do all this for you with some simple commands. That being said if you are doing this all from scratch then yes you will have to create a front-end to encrypt and run the passwords through a hashing algorithm (SHA-256 I would suggest) with a unique salt for each entry etc. Example can be found here

I can’t craft an easy solution because I’d still need even more information from you, though this does give you a little insight.

 

Kind of like an internal LastPass?

 

I for one truly appreciate all of your contributions here. Thanks.