
Secure Storage Master Key

I don't want to use a secure storage master key. This is something we don't need and will just make life more difficult for our staff who manage more than 150 different Sophos XG devices having to store keys all over the place. I'm sick and tired of the screen popping up every time I log in and the fact I can't take a manual backup.

Will Sophos please stop forcing this and make it optional. I'm the Administrator, not Sophos.



This thread was automatically locked due to age.
  • I am curious about this request. As this is somewhat similar to Backup passwords in the past, did you use backup passwords? 

    So having several keys, or one key for all appliances, should be easy to manage if you use a password safe application. Because you will actually need this in different scenarios: Backup/Restore, API Export/Import.

  • Yes, we use backup passwords, and we're happy just leaving it at that. There's nothing wrong with doing this and it meets our purposes just fine.

    I don't want to have to get my staff to log in to 150 appliances, create 150 different keys, store them somewhere and then have to refer to them all the time for absolutely no reason other than Sophos says we have to.

    We only need to do this because Sophos is forcing us to, which is ridiculous. It should be optional.

  • Hi Stuart,

    The master key is required to do a restore, as well as the backup file password. To me this is overkill, and you still cannot display the backup password.

    Ian

  • I don't understand the problem with this. It's an encryption key to encrypt sensitive data; do you not want the sensitive data encrypted? - my only complaint would be that it should have been part of the OS since day 1, not appear in v18! I can see it may be a bit of a nuisance if you have a lot of XGs to upgrade but it would just be one more step in the upgrade process. As for another bit of data to record, well you already have to organise storing data (like login and backup passwords), so it is only one more data field.

    The bit I don't understand is why it doesn't replace the backup password. I suspect this is a legacy issue and maybe in the future it will.

    The ability to display passwords lowers security. I don't want it and I don't see the need for it.

  • I don't have any sensitive data to encrypt. But even if I did, let me download the key and use the same key on other devices. I don't want 8 different keys for the same customer. Either way, it should be my choice whether I want to use a key or not. They make annoying changes like this, but still can't implement feature requests from 6 years ago with 1000 votes. Just yet another reason to move away from Sophos.

  • Surely you can just enter the same key for each of a customer's devices? We use one key per customer.

    I do understand your frustration though. I've said it before but there seems to be little business understanding in the development team. They really need to get to grips with how people use their products and what they need, if they want to be successful. Their product development seems to be driven by nerds isolated from the 'real' world. (I mean that kindly, I consider myself a nerd).