I've never used it in production (my last shop was heavily AWS based and relied on IAM), but I always like the look of Hashicorp's Vault [0]

https://www.vaultproject.io/

When it comes to security, there are no dumb questions.

There are a few SaaS offerings that will let you do that. LastPass or onepassword are two commonly used.

One you can use something like keypass to store a database in a shared location if you don't trust the SaaS offerings.

If you are looking at storing credentials for automation purposes, and don't have a secret store built in, you could look at something like Hashicorp Vault to help provide this for you

LastPass has a terrible track record in security, that was nicely edited out from wikipedia by a fresh user: https://en.wikipedia.org/w/index.php?title=LastPass&action=h...

The user in question has some specific interest in editing LogMeIn, parent of LastPass, pages: https://en.wikipedia.org/w/index.php?limit=50&title=Special%...

I think that something like Stack's Blackbox is the best idea. This ansible-based setup also explains the concepts pretty well: http://ansiblecookbook.com/html/en.html#how-do-i-store-priva...

In person I use a thumb drive. You could encrypt the credentials using PGP and send it to a coworker if they are remote.

Sometimes I just go on google hangouts and share my screen if I'm feeling lazy.

We're using Keepass / MacPass password protected vault shared with the team using Dropbox. It's really good and essentially free to use if you use a free Dropbox account.

Then make sure you use 2FA on the Dropbox account. And you should use a key + password to unlock keepass.

Keepass and keybase team repo to sync.

We use 1password for teams.