I work in a large enterprise environment, and I supervise a team of Unix admins who need to access several websites to verify different things about different servers. Access to these various websites is all password-protected, and I'm the only one who is notified when those passwords change -- at the request of the business. I'd love to set up a website that stores these passwords in a database that users of the website can view, but I know in the back of my head that storing passwords online is undeniably insecure. Surely this can't be a new problem, though. How do other people get around this problem?
My solution was to build a server from scratch with only one logon... mine. On that server, run a PHP/MySQL combination with the passwords stored in the database using a symmetric encryption algorithm. Then, when a user logs in, store the key in the user's cache for the session, then remove it when they leave or have it time out. Obviously, I'd have both my private key and my encrypted text on the same system (insecure!), but I don't know how else to do it. Any ideas?
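The sketch above (symmetric-encrypted passwords, key held only for the session, key and ciphertext on the same box) is the shape of a shared password vault, and the usual way out of the "key sits next to the ciphertext" problem is key wrapping: one data-encryption key (DEK) encrypts the site passwords, and the DEK itself is stored only sealed under a key derived from each admin's login password, so nothing in the database decrypts without a live login. The following is an added, runnable illustration of that layout; it is not code from the original post, and it uses Python rather than the poster's PHP/MySQL so it runs stand-alone. All names (`Vault`, `seal`, `SESSION_TTL`, the users and site) are hypothetical, the in-memory dicts stand in for MySQL tables, and the HMAC-based cipher is a standard-library stand-in for a real AEAD such as AES-GCM, chosen only so the example has no dependencies.

```python
import hashlib
import hmac
import os
import time

# ---- toy authenticated encryption ------------------------------------------
# HMAC-SHA256 as a PRF in counter mode (stream cipher) plus an HMAC tag,
# encrypt-then-MAC. Standard-library stand-in for a real AEAD (AES-GCM,
# ChaCha20-Poly1305); in production use a vetted library, not this.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = [hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
              for ctr in range((length + 31) // 32)]
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (hypothetical helper)."""
    nonce = os.urandom(16)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or tampered record")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ k for c, k in zip(ct, ks))

# ---- vault ------------------------------------------------------------------
SESSION_TTL = 15 * 60  # seconds; the session timeout from the post (assumed value)

def _kek(login_password: str, salt: bytes) -> bytes:
    """Key-encryption key derived from the admin's login password; never stored."""
    return hashlib.scrypt(login_password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

class Vault:
    """Everything that sits on the server at rest. Note what is absent: a plaintext DEK."""
    def __init__(self):
        self.wrapped = {}   # username -> (scrypt salt, DEK sealed under that user's KEK)
        self.records = {}   # site name -> site password sealed under the DEK
        self.sessions = {}  # session token -> (DEK, expiry timestamp), memory only

    @classmethod
    def create(cls, admin: str, admin_password: str) -> "Vault":
        """Initial setup: mint the DEK once and keep it only in wrapped form."""
        vault = cls()
        vault._wrap_for(admin, admin_password, os.urandom(32))
        return vault

    def _wrap_for(self, user: str, login_password: str, dek: bytes) -> None:
        salt = os.urandom(16)
        self.wrapped[user] = (salt, seal(_kek(login_password, salt), dek))

    def login(self, user: str, login_password: str, now=None) -> str:
        salt, blob = self.wrapped[user]
        dek = unseal(_kek(login_password, salt), blob)  # raises ValueError on a wrong password
        token = os.urandom(16).hex()
        clock = time.time() if now is None else now
        self.sessions[token] = (dek, clock + SESSION_TTL)
        return token

    def _dek(self, token: str, now=None) -> bytes:
        dek, expiry = self.sessions[token]
        clock = time.time() if now is None else now
        if clock >= expiry:
            del self.sessions[token]  # timed out: the server forgets the key
            raise PermissionError("session expired")
        return dek

    def logout(self, token: str) -> None:
        self.sessions.pop(token, None)

    def enroll(self, token: str, new_user: str, new_password: str, now=None) -> None:
        """A logged-in admin re-wraps the DEK for a new team member (no key export)."""
        self._wrap_for(new_user, new_password, self._dek(token, now))

    def store(self, token: str, site: str, site_password: str, now=None) -> None:
        self.records[site] = seal(self._dek(token, now), site_password.encode())

    def fetch(self, token: str, site: str, now=None) -> str:
        return unseal(self._dek(token, now), self.records[site]).decode()
```

With this layout the database holds only ciphertext and per-user wrapped copies of the DEK; a copy of the MySQL dump on its own yields nothing without an admin's login password, and the `now` parameter exists only so the timeout path can be exercised deterministically. The residual exposure is the one the post already identified: while a session is live, the DEK is in the web server's memory, so a compromised host can still read it at that moment, and every admin's login password must be strong enough to resist offline guessing against their wrapped DEK.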