secrets and remote sites

[pixel fairy]

If you want to keep secrets, and work on a mostly remote site, it seems you have a couple options.

1. encrypt the vault with gpg and run from your (hopefully) safe laptop and hope the connection is good
2. run it in tmux at the remote site, but possibly expose your vault credentials.

• type a symmetric passphrase over ssh means keyboard timing attack. so definitely not.
• remote gpg management is a bit scary too. you may trust your co workers, but you never know what their cats are up to.
  

keepassx can type into a window, so thats a possibility.

how do you all handle this?

For us the big problem is windows server(as usual), because they dont have ssh, and winrm is a mess.