DoubleLock
is a feature that adds an extra layer of security for your most
sensitive secrets. When a user tries to access a DoubleLocked secret,
they will have to enter their DoubleLock password, which is a unique
password that is different from the login password. If your server and
database both become compromised, DoubleLocked secrets will still be
protected. When someone DoubleLocks a secret, it becomes re-encrypted
using a unique AES 256 key. This key is encrypted asymmetrically (using
RSA) for each user who has access to the DoubleLock and can only be
accessed with their own DoubleLock password.
To use DoubleLock , you must first create a DoubleLock password. This
can be done by clicking "tools" and then clicking "Create DoubleLock
Password". Next, you can create a DoubleLock by clicking on
"Administration", then on "DoubleLock", and finally on "Create New".
After creating a DoubleLock, click the "Edit" button on the DoubleLock
assignment page. This will bring you to a page where you can choose
which users have access to the DoubleLock. Note that each user will
first need to create a DoubleLock password before they can be assigned
a DoubleLock.
To DoubleLock a secret, view the secret, click the "Security" tab,
click "Edit", check the "Enable DoubleLock" box, and choose the
DoubleLock. Once a secret is DoubleLocked, only users with view
permissions on the secret and with access to the DoubleLock can view
the secret.Article ID: 53, Created On: 9/30/2009, Modified: 1/27/2010