Danger! Danger! #
To properly manage your website, server, and other related assets, we sometimes have to ask for passwords and other secrets.
Sharing secrets is dangerous but sometimes necessary.
You should always be cautious, even when sharing with us.
- Make sure you know who’s asking for the secrets.
- Err on the side of caution.
- Choose the safest available method to share secrets with us.
- Share as little as possible.
We offer a number of different ways to safely share secrets with us and will continue to improve our documentation on this topic as new options become available.
If you have any questions or if anything seems suspicious, don’t hesitate to reach out and talk to us!
How to Safely Share Secrets #
So when there’s no way around it, we’ll ask you to send us the secrets. But there’s a catch: We need you to send them to us in a safe and secure manner. This is absolutely necessary to reduce your exposure and your risk.
Never send us secrets over insecure channels, such as plain email, SMS, insecure messengers, or any other medium known to be prone to attack.
There are a number of ways to send secrets securely. They have different advantages and disadvantages, some are easier than others, and they are not all equally secure. We consider the first preferable to the second, and so forth.
We only ask for your secret credentials when absolutely necessary. When we do ask for secrets, we do it in as safe and secure a way as we can.
You can share these select secrets with us in person, via your password manager, using a secure message passing service like One-Time Secret, or a secure messenger.
Whatever method you use to share the secrets with us, you still have to be cautious about it. If you’re not sure, ask us. If there’s something suspicious, talk to us. Always err on the side of caution.