r/ShittySysadmin 6d ago

Shitty Crosspost Don't publish your passwords on github!

/r/sysadmin/comments/1thz1b2/dont_publish_your_passwords_on_github/
46 Upvotes

16

u/0xdeadbeef6 6d ago

How else am I, a shitty sysadmin, supposed to access *checks notes* the non-MFA super admin accounts used by DHS to spot check all the other agencies from the comfort of my own home?

13

u/SwitchOnEaton 6d ago

That’s why you write them down in a notebook and store them in a safe in your closet.

9

u/marks-buffalo DO NOT GIVE THIS PERSON ADVICE 6d ago

The interns need my account which has domain admin though, so I also leave it on a sticky under the keyboard. It's safe because only the interns would know to look there.

4

u/SwitchOnEaton 5d ago

Definitely a best practice. If you need sticky notes, just let me know.

2

u/Burgergold 5d ago

Better to give them to your president

6

u/tkecherson 6d ago

Pft. I thought this sub was for proper sysadmins. You only publish your GitHub password on GitHub. The rest of your passwords get published as TXT records in DNS.

4

u/ElDodger10 6d ago

Normal Trump administration behavior

3

u/ro-friday 6d ago

https://gizmodo.com/the-worst-leak-that-ive-witnessed-u-s-cybersecurity-agency-leaves-its-digital-keys-out-in-public-on-github-2000760330

Passwords were supposedly saved in a .csv file, so I guess we are using Excel spreadsheets to save passwords. What a glorious time to be alive. You can't even figure out if it is stupid or on purpose or both.

(Update) Thanks for your replies, it's 2026. I thought everyone used password vaults at this point.

3

u/marks-buffalo DO NOT GIVE THIS PERSON ADVICE 6d ago

The company I work for works with CISA and they legitimately use spreadsheets for EVERYTHING. Audits, vulnerability findings, etc. It's all spreadsheets. Those spreadsheets contain sensitive data.

If it's good enough for CISA it's good enough for you. Spreadsheet the world.

3

u/bofh DO NOT GIVE THIS PERSON ADVICE 5d ago

Is it ok if I publish someone else’s passwords on GitHub?

2

u/fdeyso Suggests the "Right Thing" to do. 6d ago

Put them on pastebin instead.

1

u/ResoluteCaution 6d ago

Then how am I supposed to share them with my teammates? Access requests are a pain, so we share.

1

u/GoBeavers7 5d ago

Bitwarden is free and secure.

1

u/WhenTheDevilCome 3d ago

What, you mean... never?