We have 3 teams. Each one currently has it's own keypass db, with two ore floating out there somewhere. Anytime a password is changed it needs updated in 5 different spots. We share certain entries across some teams, some entries are shared across team leadership others belong only to a single team.
Going to multiple vaults seems like the same path we are on, duplicate entries everywhere - is there a best practice or such on how this should be setup?
It's not possible to share an entry between multiple repositories in Password Hub.
If a credential needs to be shared between several teams, maybe you can create a repository that all your teams have access to avoid duplicating the same credential entry over and over.
I'd like to say that the exact scenario described by jbocook is the key functionality we are looking for.
Imagine in our business we have Purchasing and Accounting.
These teams generally have completely separate sets of passwords except for a few passwords.
Right now with my understanding of Hub we would require 3 vaults/repositories to maintain the passwords for this.
Then with other scenarios I've got cross Accounting and HR items. I've got production planning and purchasing that are sharing and shop floor employees and purchasing. All of the sudden instead of a nice and tidy list of places for employee's to find passwords they have them spread across many multiples of vaults. A crucial capability in any of these password management type systems is an easy way to share across departments.
- Human Resources
- Project Management
- Human Resources/Accounting
- Project Management / Sales
- Project Management / Planning
- Sales / Marketing
- Marketing / IT
- Maintenance / Purchasing
- Machining / Purchasing
- Assembly / Purchasing
- Quality / Project Management
Indeed its a desirable scenario, but we've had to make design choices and its not possible at this time.
The most common complaints towards Remote Desktop Manager (RDM) and Devolutions Password Server (DPS) are: the steep learning curve, and the extreme flexibility of our Role Based Access Control, which makes it difficult to set up initially.
For the Password Hub, we decided to offer a much simplified version as it become an "intermediate" offering for those that do not want to manage infrastructure. This is also justified by the availability of DPS for those that have needs beyond what Hub offers.
What you seek would only be possible with RDM paired with DPS. By using folder based security, and our entry shortcuts, you would only have to manage a single entry for all of the teams.
Most likely not a response that satisfies you, but we do intend keeping Hub as simple as possible considering our target market.