|
|
|
|
|
|
by bvallelunga
1942 days ago
|
|
|
Brian from Doppler here. We are an easy way to manage environment variables across projects and services. We did a Launch HN last year: https://news.ycombinator.com/item?id=24719722. Since then, we've been hearing repeatedly from our users that they want a more secure way to share one-off secrets, like API keys, passwords, credit cards, coupons, wire info, lockbox codes, etc. This is understandable, since using Slack, SMS, or email for this leads to your secrets living unencrypted in those systems forever. So we've made a new product to address this. It is a one-click way to share one-off secrets, end-to-end encrypted with links that auto-expire after a certain number of views and days. All the encryption is done browser-side so our servers never see the raw secret or the encryption key. We use AES-GCM to encrypt your secrets, with a symmetric key derived from a cryptographically random 64 character passphrase using PBKDF2. If you want to dive deeper into how the data flows, we documented every step of the send and receive flows: https://docs.doppler.com/docs/share-security We built this so anyone can use it immediately without needing to create an account or jump through any hoops. Try it out: https://share.doppler.com/s/zg5aqzfbidn9femgnaas2wf2syedqf0s... Would love to hear what you guys think! |
|
|