I’m creating a Perspective password database application for use by controls engineers, electricians, mechanics and various other bodies in our factory. The idea is that we have a central repository for all our passwords (HMI user levels, etc.) and that they don’t get lost when someone leaves or if I don’t need it for years, etc. It will be on our intranet only. Access will be by Active Directory login via Ignition and which passwords are revealed will be controlled by Ignition user role.
My question is, “What is a sensible way to encode / encrypt / obfuscate the password column in the database?”.
For this application the actual passwords need to be decoded on retrieval. That means that one-way encryption is not an option and I’m aware of the resultant security risks. We have multiple Ignition administrators and developers with access to the gateway and to the database.
Can anyone suggest a suitable way of doing this or ideas for where or how to store the encryption key to make it difficult to decode the whole table. In the working environment we’re unlikely to have internal rogue actors and the general purpose of the application is to centralise password storage in a way that the users can retrieve passwords based on their Ignition role.
To put things in context, this will be a step above folks writing the passwords on the back of the HMIs!
Thanks!