What Stache Is and How to Use It to Share Confidential Information

The UT Information Security Office (ISO) created Stache (named after the moustache of the fictional TV private eye Thomas Magnum, portrayed by Tom Selleck) to provide secure storage, sharing, and backup of such sensitive data as passwords, encryption keys, lock codes, and personal identification numbers. The creator of an entry in Stache controls who can see and/or edit the information. No one else can see or access the data you enter (see footnote 1).

Use of Stache is available at no cost to active students, faculty and staff affiliated with the University of Texas at Austin.  All access is controlled via UT EID.

Stache is a website located at https://stache.security.utexas.edu/ that uses UT EIDs for access, authentication, and sharing. Stache is available only via the UT campus network, or via VPN if you are off campus.

We recommend you start using Stache for sharing sensitive data such as passwords with others.  Getting started is easy – just follow these simple instructions:

  1. In your web browser, open the address https://stache.security.utexas.edu/
  2. Log in using your UT EID and password.
  3. From the left side menu, click on "new entry" to create a new entry.
  4. Enter a "nickname" for this entry describing it in key terms (such as "web server account"). Stache entries accessible to a user are listed on that user's Stache home page alphabetically by nickname. This field is not encrypted, so don't put any sensitive information in it!
  5. Enter the "purpose" for this entry (such as "Fred's log in credentials for the web server foo.cns.utexas.edu").
  6. Enter the "secret" for this entry (such as the actual username and password).
  7. Enter any additional "memo" information (such as how to connect to the machine for log in, etc.).
  8. In the "share with" entry, optionally add the EIDs of users you want to share the information with.  As you type in the text field, the system will provide matches you can select from.  Select a user, and repeat if needed for additional users.
  9. Once you add one or more EIDs, you can leave them as a "reader" or you can click on that "reader" field to change it to another option such as "owner" or "writer".
  10. If you want, select the "notify owners via email when this item is accessed" checkbox.
  11. You can optionally add tags to the entry, which may be useful for searching or locating objects in Stache.  This field is not encrypted, so don't use tags that contain sensitive information.
  12. Finally, click on the "save stache entry" button to save the entry.  You now have a Stache entry!
  13. You should be taken back to the "stache home" view, where you can see all your Stache entries.  Entries that you've created are blue, while entries that have been shared to you by others are green.

You will now see all your Stache items listed alphabetically by nickname in your web browser window. Click on one of them to see the contents. Notice that the encrypted fields "purpose", "secret" and "memo" don't display automatically but instead say "click to display"; this is to prevent someone looking over your shoulder from seeing your secrets! Once you are sure no one is looking, click on the field with your mouse to see its contents. When you are finished looking at it, it is best to return to "stache home" or to log out so your secrets are no longer displayed where someone might be able to see them.

There's more to Stache (see the ISO page on Stache Basics), but the above is enough to get you started securely storing and sharing your data.

Footnotes:

  1. Stache leverages Federal Information Processing Standards (FIPS 140-2) and Common Criteria (ISO/IEC 15408) evaluated Hardware Security Module (HSM) technology to provide advanced, reliable data-compromise protection and prevention. This basically means that the data is stored very securely. To prevent loss of data should the creator not be available, there is a strict process by which information stored in Stache can be recovered. The process requires approval by several campus administrative units (e.g., Information Security Office, Legal Affairs, Compliance Office, Internal Audit) and is a last-resort action used only when no other option exists.

Written by Eric Rostetter, Senior System Administrator
Questions or comments? The best and easiest way to contact us is via the CNS Help Desk form.
