After adopting a variation of the Gentoo policy for managing OpenPGP (GnuPG) keys I now feel confident enough to use OpenPGP to save sensitive passwords in the cloud. Gentoo’s GLEP 63 policy takes the guesswork out of key management and provides some best practices valuable when encrypting sensitive information.

Although saving sensitive passwords in the cloud may seem a foolish endeavor the alternative is to keep passwords on the sneakernet and risk losing them. Given the abundance of thumb drives and their general multi-purpose use one might, for example, accidentally erase their only backup. Not to mention saving data on any physical medium carries the risk the physical media becomes corrupted.

If you’re a software developer working ethically you’re almost certainly using GnuPG to sign your work. And if you’ve been at it for any length of time you’ve almost certainly been forced to switch machines. Unless your aim is to create a new identity for each machine you use you need a simple, repeatable strategy moving GPG keys privately. Let me show you how.