17. January 2021
How Credentials are encrypted with Keestash
Keestash is an open source password manager focused on security, integrity and restricting access to authorized people. Our focus lies on strong credentials that are stored safely and are not going to be compromised.
Strong passwords protect against brute-force attacks, and having a separate one for each account limits the harm when one of the passwords ends up in a data leak or breach.
Keestash comes in both on-premise and cloud-hosted variants, but one thing does not change: credentials are encrypted and access is limited to their owners.
User-based Private Keys
Every user who signs up for Keestash is assigned a random private key. The key consists of both a UUID and some data of the user, which guarantees that no two users are given the same key. From then on, the private key is used to encrypt and decrypt everything that is going to be encrypted.
One could now ask: how is the private key protected from you and the system administrator? Well, this is a valid question.
Private Keys are private
Keestash requires you to choose a strong password not only for other platforms, but also when signing up at Keestash. This password is used to encrypt the private key, which ensures that no one other than you can access your credentials.
By doing this, we ensure that no one else will access the credentials. This applies not only to legitimate access to the servers, but also to unauthorized access, such as when the databases are leaked or otherwise compromised.
On the other hand, forgetting or losing the Keestash login credentials means that all passwords are unrecoverably lost. This is a tradeoff which we accept in favor of security.
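The scheme from the two sections above, as an added example that is not Keestash's own code: a per-user key is stored only after it has been encrypted under a key derived from the login password. The post does not name the algorithms Keestash uses, so scrypt, AES-256-GCM, the purely random 32-byte user key and every function name here are assumptions.

```javascript
// Added example, not Keestash code. scrypt and AES-256-GCM are assumed choices.
const nodeCrypto = require('node:crypto');

// Derive a key-encryption key (KEK) from the login password.
function deriveKek(password, salt) {
  const cost = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
  return nodeCrypto.scryptSync(password, salt, 32, cost);
}

// AES-256-GCM with a fresh 96-bit nonce; aad binds the ciphertext to its owner.
function seal(key, plaintext, aad) {
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(Buffer.from(aad));
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the ciphertext, tag or aad was modified.
function unseal(key, box, aad) {
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, box.iv);
  decipher.setAAD(Buffer.from(aad));
  decipher.setAuthTag(box.tag);
  return Buffer.concat([decipher.update(box.ct), decipher.final()]);
}

// Sign-up: the server persists only this record, never the bare user key.
function createUser(userId, password) {
  const salt = nodeCrypto.randomBytes(16);
  const userKey = nodeCrypto.randomBytes(32); // assumption: purely random key
  return { userId, salt, wrapped: seal(deriveKek(password, salt), userKey, userId) };
}

// Login: only the correct password recovers the user key.
function unlock(record, password) {
  return unseal(deriveKek(password, record.salt), record.wrapped, record.userId);
}

// Password change re-wraps the same user key; stored credentials stay untouched.
function changePassword(record, oldPassword, newPassword) {
  const userKey = unlock(record, oldPassword);
  const salt = nodeCrypto.randomBytes(16);
  const wrapped = seal(deriveKek(newPassword, salt), userKey, record.userId);
  return { userId: record.userId, salt, wrapped };
}
```

The stored record holds only the salt and the wrapped key, so a copy of the database is not enough to decrypt anything without the password, and there is nothing to recover the key from once the password is forgotten.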
Keestash and Privacy
Due to its open nature, Keestash places a very high value on privacy. We are GDPR and CCPA compliant, do not track or share data with vendors, and use encryption wherever it makes sense. Further, customers can self-host Keestash or choose one of our enterprise plans, depending on their needs and requirements.
Interested? Let’s talk 🙂