What is Stache?
Keep forgetting your passwords to all your different accounts? Now you can store them in Stache and use your NetID logon to access them!
STACHE is a service to securely store and access sensitive data, such as passwords, encryption keys, and personal identification numbers.
The creator of an entry in Stache can share the contents of the entry with other individuals. In certain situations, the information stored in Stache can be recovered when several campus administrative units (e.g., Human Resources, Dean of Students, UITS) have approved of the action. Stache leverages Federal Information Processing Standards (FIPS 140-2) and Common Criteria (ISO/IEC15408) evaluated
Where is Stache?
You can find Stache at: https://stache.arizona.edu
High Level Stache Actions
|View All||View stored, shared, and digital certificate entries.|
|View Stored||View entries that you have created and own. This displays a list of the nicknames and tags you have entered for the given item. A list of people you have shared the entry with is also provided. NOTE: If the list of shared users is long, you will be able to expand the list from the main page or see the entire list within the detailed view for the entry itself.|
|View Shared||View entries that other users have created and shared with you. This displays the name and NetID of the person who shared the item with you.|
|View Keys||The Keys option lets you download and view your digital certificates generated by the Digital Certificates Service. You can find more information at the UITS Digital Certificates service page. Another useful page: Importing Your Digital Certificate.|
Fields in Stache
|Field Name||Encrypted?*||Maximum Input||Description|
The nickname is a familiar name that describes the stored information. It appears in the lists shown when you or a sharing user view your saved or shared entries.
Since this field is not encrypted, it should not be used to store sensitive information.
|Purpose||Yes||2,450 characters||A short explanation of what this information is for.|
|Secret||Yes||2,450 characters||This field can be used for a credential (e.g., password, passphrase).|
|Memo||Yes||2,450 characters||This is an additional field to enter in information that you would like encrypted (e.g., detailed instructions or descriptions, a secure note, a lengthy encrypted hash, a license key).|
|Share With||No||2,000 NetIDs||This is a list of the NetIDs that have access to this entry in Stache. They should be entered one per line. Each entry will be automatically resolved to the respective user name. Lists of NetIDs (space separated, e.g. "netid1 netid2 netid3 ...") can also be pasted into this form. NOTE: While this field is unencrypted, Stache mirrors the "share with" list to an internal, encrypted location which is used for run-time authorization when accessing Stache'd items.|
This field allows you to organize and search on Stache'd items in a particular genre (e.g., credentials, license keys, secure notes).
Your list of tags is summarized in the main view as a tag cloud, which lets you see how frequently a tag is used based on its size.
* A lock icon next to the field indicates to the user that the field is an encrypted field.
Searching for Stache'd entries is super flexible and fast.
- You can search for strings within a nickname or that might appear in multiple entries.
- You can also search for entries based on tag values and the names or NetIDs of individuals who have shared entries with you or with whom you have shared entries.
- For users searching through hundreds of entries, Stache also supports field specific search capabilities, which are detailed in the table below.
|Search Syntax||Use Case||Search Example|
|tag:||Useful when you want to search specifically by tag||tag:monkeys|
|del:||Useful when wanting to specifically search by the person who shared an entry with you (any portion of the name or NetID)||
|delto:||Useful when wanting to specifically search by the person(s) you have shared an entry with (any portion of the name or NetID)||delto:tdarby delto:Gary Windham delto:Naiman|
Folders allow you to map Stache items to logical groupings of users and permissions. Stache'd items can be put in a folder with a given permission, and then all users with permissions to that folder will be able to access the Stache'd item with that given permission.
A folder has two sets of permissions: management permissions and object permissions.
- Object permissions are the same as described above – READ, WRITE, OWN – and refer to the permission a user will receive on a Stache'd item put in that folder.
- Management permissions deal with management of the folder itself and can be one of the following:
|WRITE||Can put Stache'd items in the folder|
|OWN||Can put Stache'd items in the folder and modify folder settings (e.g. permissions, name)|
- A folder is only visible to and usable by users in the management list; thus, someone not on the folder management list cannot put things in the folder.
- Folders have fully qualified names of the format <creator_netid>/<folder_name> (e.g., 'windhamg/plague'), which allows multiple users to have the same folder name.
- When delegating to a folder, make sure you put it in the intended folder!
Important! When using the FOLDER permission on a Stache'd item, make sure you trust everyone who is on the folder's management list as an owner! They can add and change delegation of the object permissions, thus changing permissions granted to users for that item!
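The warning above can be checked mechanically. The following is an added example, not Stache's own code: it assumes a simple in-memory model of folders (the Folder and Item classes, the function names and the sample NetIDs are all hypothetical) and lists every folder owner who could change access to an item, together with the permission that person holds on the item today.

```python
from dataclasses import dataclass, field

RANK = {"READ": 1, "WRITE": 2, "OWN": 3}  # object permissions named on this page

@dataclass
class Folder:
    name: str           # fully qualified: <creator_netid>/<folder_name>
    management: dict    # NetID -> "WRITE" | "OWN" (rights on the folder itself)
    object_perms: dict  # NetID -> "READ" | "WRITE" | "OWN" (rights on items inside)

@dataclass
class Item:
    nickname: str
    owner: str
    folders: list = field(default_factory=list)  # names of folders delegated to

def effective_access(item, folders):
    """Highest object permission each NetID currently holds on the item."""
    access = {item.owner: "OWN"}
    for name in item.folders:
        for netid, perm in folders[name].object_perms.items():
            if RANK[perm] > RANK.get(access.get(netid), 0):
                access[netid] = perm
    return access

def folder_owner_exposure(item, folders):
    """Folder management OWNers other than the item owner, mapped to the
    permission they hold on the item today (None = no access yet)."""
    current = effective_access(item, folders)
    exposure = {}
    for name in item.folders:
        for netid, perm in folders[name].management.items():
            if perm == "OWN" and netid != item.owner:
                exposure[netid] = current.get(netid)
    return exposure

# Constructed sample data; the NetIDs and folder name are made up.
FOLDERS = {
    "alice/db-creds": Folder(
        name="alice/db-creds",
        management={"alice": "OWN", "bob": "OWN", "carol": "WRITE"},
        object_perms={"carol": "WRITE", "dave": "READ"},
    )
}
ITEM = Item(nickname="prod-db-root", owner="alice", folders=["alice/db-creds"])

if __name__ == "__main__":
    print(effective_access(ITEM, FOLDERS))
    print(folder_owner_exposure(ITEM, FOLDERS))
```

In the sample, bob is reported with no current permission on the item, yet as a folder owner he can edit the folder's object permissions, which is exactly the trust relationship the warning describes.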
Second Factor Settings
We require the use of NetID+ for second factor authentication to Stache. However, you may opt to enable further authentication factors on top of NetID+. Under settings, you can enable Stache-specific second factor authentication. Second factor authentication allows you to require more rigorous proof of who you are before you can access Stache. For instance, if your NetID password were compromised, someone would not be able to immediately access all your Stache'd passwords.
The choices of multi-factor authentication mechanism are:
|Client Certificate||Uses a certificate stored in your browser to authenticate.|
|SMS (text message)||Sends a short one time passcode to your phone via SMS text message.|
|Email||Sends a longer one time passcode to your phone via email. (For security reasons, we recommend NOT using an email address that uses your UA NetID and password to authenticate).|
Any combination of multi-factor authentication mechanisms can be enabled.
Additionally, multi-factor can be enabled for a few circumstances:
|Require for normal logins||Second factor mechanism will be used any time you log into Stache.|
|Require for emergency logins||Second factor will only be used to grant access to Stache in the event that primary login (WebAuth) is unavailable.|
Any combination of multi-factor mechanisms can be enabled.
After enabling a multi-factor authentication mechanism, you will be required to verify that it works before it is actually used. This can be done by clicking the "verify" link next to the mechanism's header.