Stache Basics

- What is Stache?
- Where is Stache?
- Who can use Stache?
- What can you do with Stache?
- High Level Stache Actions
- Stache Permissions
- Stache Actions
- Stache Search
- Stache Folders
- Second Factor Settings
- What's new with Stache?

What is Stache?

The University of Texas at Austin Information Security Office created STACHE to provide secure backup of sensitive data, such as encryption keys, passwords, passphrases, and personal identification numbers. The creator of the entry in Stache can share the contents of the entry with other individuals. In certain situations, the information stored in Stache can be recovered when several campus administrative units (e.g., Information Security Office, Legal Affairs, Compliance Office, Internal Audit) have approved of the action.

Stache leverages Federal Information Processing Standards (FIPS 140-2) and Common Criteria (ISO/IEC 15408) evaluated Hardware Security Module (HSM) technology to provide advanced, reliable data-compromise protection and prevention.

Where is Stache?

You can find Stache at: https://stache.utexas.edu

Stache is also available at:

- https://escrow.security.utexas.edu
- https://stache.security.utexas.edu
- https://stash.security.utexas.edu

If for some reason you need to bypass the load balancing capabilities for this service (e.g., if the load balancers have gone offline in the Data Center), you can still access the stache servers directly via:

- https://stache-udcc.infosec.utexas.edu:8080 (primary)
- https://stache-udcb.infosec.utexas.edu:8080 (secondary)

NOTE: these devices synchronize with each other in high availability mode, but in a significant disaster one or both could be knocked offline.

Who can use Stache?

Stache is currently available to active faculty, staff, and students affiliated with the University of Texas at Austin.

What can you do with Stache?

High Level Stache Actions

View All
View stored, shared, and digital certificate entries.

View Stored
View entries that you have created and own.
This displays a list of the nicknames and tags you have entered for the given item. A list of people you have shared the entry to is also provided. NOTE: If the list of shared users is long you will be able to expand the list from the main page or see the entire list within the detailed view for the entry itself.

View Shared
View entries that other users have created and shared to you. This displays the name and EID of the person who shared the item to you.

View Keys
The Keys option lets you download and view your digital certificates generated by the Digital Certificate Service. You can find more information at the ITS Digital Certificates service page. Another useful page: Importing your digital certificate.

Stache Permissions

| Permission | Effect |
|---|---|
| Owner | Change membership (EIDs) and the permissions assigned to them. Also, all of the effects of the writer permission. |
| Writer | Change values for any of the fields in Stache, except membership and permissions. |
| Reader | View values for any of the fields in Stache. Can only change tags. |
| Folder (Folders only) | User permissions are inherited based on folder settings; see note under Stache Folders. |

Stache Actions

For Owned Items

| Action | Effect |
|---|---|
| Delete Entry | Removes the entry you have created. |
| Save Changes | Updates all elements for the respective item. |

For Shared Items

| Action | Effect |
|---|---|
| Delete Entry | Removes you from the respective item that has been shared to you. |
| Save Changes to Tags | Updates the tags you have identified for the respective item. |
| Clone this Entry | Creates a copy of an item that has been shared with you. The clone will appear as though you created it. |
| Clone this Entry and Delete It | Creates a copy of an item that has been shared with you and removes you from the original shared item. |

Stache Search

Searching for Stache'd entries is super flexible and fast. You can search for strings within a nickname or that might appear in multiple entries.
You can also search for entries based on tag values and the names or EIDs of individuals who have shared entries with you or with whom you have shared entries. For users searching through hundreds of entries, Stache also supports field-specific search capabilities, which are detailed in the table below.

| Search Syntax | Use Case | Search Example |
|---|---|---|
| tag: | Useful when you want to search entries specifically by tag | tag:monkeys |
| del: | Useful when you want to search specifically by the person who shared an entry with you (any portion of the name or EID) | del:weiland, del:Cam Beasley, del:Beasley |
| delto: | Useful when you want to search specifically by the person(s) you have shared an entry with (any portion of the name or EID) | delto:weiland, delto:Cam Beasley, delto:Beasley |

Stache Folders

Folders allow you to map Stache items to logical groupings of users and permissions. Stache'd items can be put in a folder with a given permission, and then all users with permissions to that folder will be able to access the Stache'd item with that given permission.

A folder itself has two sets of permissions: management permissions and object permissions. Object permissions are the same as described above -- READ, WRITE, OWN -- and refer to the permission a user will receive on a Stache'd item put in that folder. Management permissions deal with management of the folder itself and can be one of the following:

| Management Permission | Description |
|---|---|
| WRITE | Can put Stache'd items in the folder |
| OWN | Can put Stache'd items in the folder and modify folder settings (e.g. permissions, name) |

A folder is only visible to and usable by users in the management list; thus, someone not on the folder management list cannot put things in the folder. Folders have fully qualified names of the format
or 'weiland/plague', which allows multiple users to have the same folder name. When delegating to a folder, make sure you put it in the intended folder!

Important! When using the FOLDER permission on a Stache'd item, make sure you trust everyone who is on the folder's management list as an owner! They can add and change delegation of the object permissions, thus changing permissions granted to users for that item!

Second Factor Settings

Under settings, you can enable second factor authentication. Second factor authentication allows you to require more rigorous proof of who you are before you can access Stache. So, for instance: if your EID password was compromised, someone would not be able to immediately access all your Stache'd passwords. The choices of second factor authentication mechanism are:

| Options | Description |
|---|---|
| Client Certificate | Uses a certificate stored in your browser to authenticate. |
| SMS (text message) | Sends a short nonce to your phone via text message. |
| Email | Sends a longer nonce to your phone via email. (For security reasons, we recommend NOT using an email address that uses your EID and password to authenticate). |

Any combination of second factor authentication mechanisms can be enabled. Additionally, second factor can be enabled for a few circumstances:

| Setting | Description |
|---|---|
| Require for normal logins | Second factor mechanism will be used any time you log into Stache. |
| Require for emergency logins | Second factor will only be used to grant access to Stache in the event that primary login (EID-auth) is unavailable. |

Any combination of second factor circumstances can be enabled. After enabling a second factor authentication mechanism, you will be required to verify that it works before it is actually used. This can be done by clicking the "verify" link next to the mechanism's header.

What's new with Stache?

[2013-NOV-11]
- New feature for folders was added.
  Now you can create folders for groups of folks you commonly share with
- MofN functionality expanded – this is for back-end management of Stache

[2013-JUN-07]
- permissions have been expanded to provide owner, writer, and reader roles
- each Stached item can have multiple of each permission (e.g. 7 owners, 3 writers, 44 readers)
- readers can only view the information in a Stached item
- writers can modify the information in a Stached item
- owners can modify the information in a Stached item, and change permissions and membership
- recent modification dates are listed on the Stached item view
- last modification time is shown on the main list as well
- full unicode (international character) support in all fields

[2013-APR-04]
- tested by a group of heavy-use Stache users
- Stache now supports a responsive user interface to accommodate various screen sizes, mobile devices, etc
- students can now use Stache
- second factor authentication options are now available
  - second factor options include: digital certificates (via https://certificates.security.utexas.edu), SMS messaging, or e-mail
  - multiple second factors can be used if desired
- emergency authentication options (for the rare occasion that TED / EID authentication is unavailable)
  - if for some reason normal EID authentication is unavailable, users can elect to fall back to a second factor for login.
  - to do so, users would simply select the option "require for emergency logins"
- Stache is backed up to a remote (cloud) database, and automatically used when the primary (UT) database is unavailable due to maintenance or happenstance

[2012-JAN-23]
- lighter weight user interface introduced
- tested by a group of heavy-use Stache users
- no new features or functionality have been added in this release

[2011-MAR-18]
- fat cookie authentication replaced with EID-based LDAP authentication
- many new features added to address customer feedback
  - a new layout has been provided
  - able to open items in separate browser tabs if desired
  - tag capability added for personal organizational purposes
  - tags are presented as a tag cloud for added convenience
  - name resolution added for all types of shared users
  - rich search now possible on entries, shared users, and tags
  - also supports search of EIDs and name

[2011-JUN-22]
- users can now clone an item that has been shared to them into their own personal stache.
- users can also elect to both clone the item and remove themselves from the original shared item (clone and remove).
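
The warning under Stache Folders, worked through as an added example (not part of the original page and not Stache's own code): for an item delegated to a folder, it reports who holds access now and which folder management owners could change that access. The data model, the "highest grant wins" rule, and every EID, folder name and nickname are assumptions constructed for illustration.

```python
# Added illustration: a constructed model of folder delegation, not Stache's code.
from dataclasses import dataclass, field

RANK = {"READ": 1, "WRITE": 2, "OWN": 3}  # object permissions named on the page

@dataclass
class Folder:
    name: str            # fully qualified folder name
    management: dict     # EID -> "WRITE" or "OWN" (folder management list)
    object_perms: dict   # EID -> permission received on items put in the folder

@dataclass
class Item:
    nickname: str
    direct: dict                                  # EID -> permission set on the item itself
    folders: list = field(default_factory=list)   # folders the item is delegated to

def effective_access(item):
    """Permission each EID holds now. Assumption: the highest grant wins."""
    access = dict(item.direct)
    for folder in item.folders:
        for eid, perm in folder.object_perms.items():
            if RANK[perm] > RANK.get(access.get(eid), 0):
                access[eid] = perm
    return access

def implicit_controllers(item):
    """Folder management owners who are not owners of the item itself.

    They can change the folder's object permissions, and so who can reach
    the item, which is why the page says to trust them as owners."""
    owners = {e for e, p in effective_access(item).items() if p == "OWN"}
    found = {}
    for folder in item.folders:
        for eid, mperm in folder.management.items():
            if mperm == "OWN" and eid not in owners:
                found.setdefault(eid, []).append(folder.name)
    return found

# Constructed sample data: every EID, folder and nickname here is made up.
dba = Folder("own01/dba-team",
             management={"own01": "OWN", "mgr02": "OWN", "wr03": "WRITE"},
             object_perms={"rd04": "READ", "wr03": "WRITE"})
item = Item("prod-db-root", direct={"own01": "OWN", "rd04": "WRITE"}, folders=[dba])

if __name__ == "__main__":
    print("effective access:", effective_access(item))
    print("must be trusted as owners:", implicit_controllers(item))
```

In the sample, mgr02 has no permission on the item at all yet appears in the second report, which is the case the folder warning is about.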