
Donjon, sharing passwords securely

Donjon is a secure, multi-user store for key-value pairs.

We built Donjon to share credentials in a (small) devops team, for services where single user accounts don’t make sense, e.g.:

  • root passwords for databases and servers
  • root credentials for hosting accounts
  • accounts for web services that don’t do multi-user/multi-admin
  • two-factor tokens for single-user web services

Donjon /dɔ̃.ʒɔ̃/ (French): noun, m. Strongest tower of the castle or keep, where the archives and treasure were kept, also used as the last line of defense.

Donjon uses standard encryption primitives: 2048-bit asymmetric RSA encryption is used to bootstrap symmetric 256-bit AES-CBC encryption with random padding. In other words, while the NSA will probably be able to read your data should it get its paws on it, it’s unlikely Joe Hacker will.

Online tools exist that serve the same purpose as Donjon, but simply put: they’re generally closed source and host the data somewhere we don’t control. We think the inconvenience of not having a cute toolbar icon for passwords is trumped by better security.

A typical session with Donjon will look unsurprising:

$ dj config:get some_server
Please enter the password for your private key
> *****
le_password

$ dj config:set other_service=s3cr3t
Please enter the password for your private key
> *****

Donjon will ask for a password every single time. Behind the scenes, a very straightforward crypto implementation using OpenSSL does the magic.
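The RSA-wraps-AES scheme described above, written out as an added example in Ruby with its OpenSSL binding; this is illustration code, not Donjon's own implementation, and the envelope layout (Base64 fields plus one wrapped AES key per team member) is an assumption rather than Donjon's on-disk format.

```ruby
require "openssl"
require "securerandom"
require "base64"

# Added example, not Donjon's own code: the hybrid scheme the post describes.
# A fresh 256-bit AES-CBC key (with a random IV) encrypts the value, and that
# key is wrapped with each team member's 2048-bit RSA public key, so a single
# stored entry can be opened by several people. The envelope layout is an
# assumption for illustration only.
AES_CIPHER  = "aes-256-cbc"
RSA_PADDING = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# Generate a passphrase-protected private key, as the `dj` prompt implies.
def generate_member_key(passphrase)
  rsa = OpenSSL::PKey::RSA.new(2048)
  rsa.export(OpenSSL::Cipher.new(AES_CIPHER), passphrase)
end

# recipients: { "alice" => OpenSSL::PKey::RSA (public part), ... }
# Returns a plain-text (Base64) envelope that is safe to sync as a file.
def seal(plaintext, recipients)
  aes_key = SecureRandom.random_bytes(32)          # 256-bit key, one per value
  cipher = OpenSSL::Cipher.new(AES_CIPHER).encrypt
  cipher.key = aes_key
  iv = cipher.random_iv                            # never reuse an IV with CBC
  data = cipher.update(plaintext) + cipher.final   # PKCS#7 padding added by OpenSSL
  wrapped = recipients.transform_values do |pub|
    Base64.strict_encode64(pub.public_encrypt(aes_key, RSA_PADDING))
  end
  { "iv" => Base64.strict_encode64(iv),
    "data" => Base64.strict_encode64(data),
    "keys" => wrapped }
end

# Unwrap the AES key with one member's private key (PEM + passphrase), then decrypt.
def unseal(envelope, member, pem, passphrase)
  rsa = OpenSSL::PKey::RSA.new(pem, passphrase)
  wrapped = envelope.fetch("keys").fetch(member) { raise "no key for #{member}" }
  aes_key = rsa.private_decrypt(Base64.strict_decode64(wrapped), RSA_PADDING)
  decipher = OpenSSL::Cipher.new(AES_CIPHER).decrypt
  decipher.key = aes_key
  decipher.iv = Base64.strict_decode64(envelope.fetch("iv"))
  decipher.update(Base64.strict_decode64(envelope.fetch("data"))) + decipher.final
end
```

Note that AES-CBC on its own provides confidentiality but no integrity: `final` only catches padding errors, so a tampered envelope is not reliably detected unless a MAC or an authenticated mode is layered on top.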

We typically sync our Donjon store across the team using Bittorrent Sync to avoid a centralised server.

Head over to GitHub to have a play.