Sharing Secrets Is Dangerous
This doc provides guidance on when to share secrets with us, and more importantly, on when not to do so.
- Sharing secrets is always risky. You can never completely guarantee that the secrets won’t be intercepted somehow. By sharing them, you’re also increasing your exposure because you’re not the only one who knows them.
- You should avoid sharing secrets with anybody, even with us, so long as it can be avoided. And if you do have to share secrets, you should make sure to share them as safely and securely as possible.
- We recommend that you always reach out to us directly to verify that any request for a secret really came from us. We’ll always be completely transparent about why we need any secret and will offer alternatives if we can.
- If you’re suspicious for any reason, always err on the side of caution.
Don’t Share Secrets If You Can Avoid It
When you get a hosting, care, or perimeter plan with us, we start setting things up. Depending on the plan and your needs, we might require access to your server, your website, and possibly other assets, such as your domain registrar or Email Service Provider (ESP). We need this access in order to properly manage your website.
We try to limit the level of access as much as we can without hindering our operations. For example:
- To manage and edit your domains, we ask for limited access to your domain registrar whenever possible.
- If you need our help to connect your ecommerce store to your PayPal account, we’ll ask you to create a separate PayPal user for us on your account with the minimal permissions necessary to accomplish that task.
- We try to write guides and tutorials so that you can do some of these tasks on your own.
- We take similar measures with every account on every system we manage on your behalf.
When Sharing Secrets Is Necessary
But there are some situations for which we require deeper access. For example:
- To properly manage an existing website hosted elsewhere, such as on one of our care or perimeter plans, we’ll probably need full administrative access to the server and the website.
- Some tools and services don’t offer ways to grant limited access to third parties.
- When troubleshooting problems, we often need full access to be able to diagnose and fix them.
Because it can be dangerous to share credentials (e.g., username and password) and other relevant secrets, we go to a lot of trouble to avoid asking for them to begin with unless it’s absolutely necessary. But when we need access that we don’t already have and the alternatives are irrelevant or nonexistent, we’ll ask you to share only the specific secrets we need and only in the safest way we can.