This doc explains one of the methods we recommend for sharing secrets safely, with the caveat that the safety is neither absolute nor guaranteed.
Don’t forget that sharing secrets is dangerous even if sometimes necessary.
A Secure Message Passing Service #
By using a secure service designed exclusively for the purpose of sending secret messages, you can share occasional secrets with us and avoid most of the risk that comes with ordinary messengers. These services use encryption, expiration, and lots of sophisticated technical wizardry to ensure messages are sent as safely as possible.
Our current favorite is the One-Time Secret service. It’s stable and reputable, and its code is open source and peer-reviewed.
It’s also very easy to use:
- Go to https://onetimesecret.com/.
- Add the secret message in the big text field that says “Secret content goes here”.
- Set the Passphrase to encrypt the message. This is an optional step but recommended. You’ll have to send us the passphrase, of course.
- Change the Lifetime if it makes sense. For most purposes, you can just leave the default of 7 days. All messages expire but you can lengthen or shorten the expiration.
- Click Create a secret link.
- After you click the button, the next page will show the secret link. Copy the link and send it to us. You can send us the link by email to email@example.com but we prefer that you send it using one of our other more secure channels.
- If you set a passphrase in a previous step, you’ll have to send it too. You can send it by email or another secure channel, but do not put the passphrase in the same message as the link.
The Security Guarantees #
One of the great things about this service is that a secret can only be seen once, hence the name. Once it’s been seen, the service deletes it and it’s impossible for anyone else to see it.
That provides an extremely useful set of guarantees:
- If we receive the secret, it means that nobody else saw it. Your secret is safe.
- If we miss the expiration, the secret is gone and neither we nor anybody else can see it. Your secret is still safe. If we still need it, you can just send it again.
- If we try to access the secret on time and discover that the secret is missing, it means that somebody else saw the secret. That means your secret is not safe and you have to take action. Maybe you have to change a password or maybe you’ve been hacked. Knowing that is extremely useful.
- If you regret sharing the secret before we or anybody else has seen it, you can simply revoke it. Your secret is safe.
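To make those four outcomes concrete, here is an added toy model of the burn-on-read, expiry and revoke semantics the guarantees rely on; it is example code written for this doc, not One-Time Secret’s own implementation. The in-memory store, the simulated clock and the passphrase check are simplifying assumptions: the real service encrypts the message with the passphrase rather than merely checking it before release.

```python
import hashlib
import hmac
import secrets


class OneTimeSecretStore:
    def __init__(self):
        self.clock = 0.0   # simulated seconds; the caller advances it to model expiry
        self._store = {}   # link key -> (secret, passphrase digest or None, expires_at)

    @staticmethod
    def _digest(passphrase):
        return hashlib.sha256(passphrase.encode()).digest()

    def create(self, secret, passphrase=None, lifetime=7 * 86400):
        key = secrets.token_urlsafe(16)   # the unguessable part of the secret link
        digest = self._digest(passphrase) if passphrase else None
        self._store[key] = (secret, digest, self.clock + lifetime)
        return key

    def retrieve(self, key, passphrase=None):
        """Return the secret and delete it. None: never there, already read, revoked
        or expired. A wrong passphrase also gives None but, in this model, keeps it."""
        entry = self._store.get(key)
        if entry is None or self.clock >= entry[2]:
            self._store.pop(key, None)    # expired entries are dropped on first touch
            return None
        secret, digest, _ = entry
        if digest and not hmac.compare_digest(digest, self._digest(passphrase or "")):
            return None
        del self._store[key]              # burn on read: nobody else can see it now
        return secret

    def revoke(self, key):
        self._store.pop(key, None)        # burn an unread secret


def walk_through_guarantees():
    # Replay the four outcomes from the guarantees list as the recipient sees them.
    s = OneTimeSecretStore()
    k = s.create("db password", passphrase="hunter2", lifetime=60)
    received = s.retrieve(k, "hunter2") == "db password" and s.retrieve(k, "hunter2") is None
    k = s.create("api token", lifetime=60)
    s.clock += 61                         # recipient missed the lifetime
    expired = s.retrieve(k) is None
    k = s.create("ssh key", lifetime=60)
    s.retrieve(k)                         # someone else reads it before the recipient
    compromised = s.retrieve(k) is None   # on time, yet missing: treat the secret as exposed
    k = s.create("old secret", lifetime=60)
    s.revoke(k)                           # sender revoked it before anyone read it
    revoked = s.retrieve(k) is None
    return {"received": received, "expired": expired, "compromised": compromised, "revoked": revoked}
```

The third scenario is the one that matters operationally: a link that is gone when opened on time is the signal to rotate whatever was shared.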