It's a very common scenario: A coworker asks you for some access token, API key or password on Slack. You feel the sudden unease because you are aware of the potential security implications, but eventually, you still reply. Because "what the hell", better than email, right? Well, not really. It's important to understand that Slack conversations are never fully private. A system administrator (or your boss) can potentially access and read all your Slack messages, even the private ones.
We have a very simple and convenient solution for this problem: With the Scrt.link Slack App you can create one-time secrets right from within your conversations. Only a reference link stays in your chat history. After the secret link has been clicked once, it self destructs and is not accessible anymore. The secret is destroyed for good and a 🔥 emoji is added automatically to indicate that.
How to use
After you have installed the app, there is not much more to do.
Slash Commands
You can now create secrets via Slash Commands. Where ever you are, just type:
/scrt //opens a dialog to create a secret.
/scrt [secret goes here…] //creates a secret link instantly (of type Text).
/scrt [text|link|neogram] //opens a dialog to create a specific type of secret.
/scrt help //opens a help dialog.
Shortcuts
Just click the ⚡️ icon and choose Scrt.link. If you are inside a conversation you can also use the context menu (3 dots) and select Reply with a secret. After that, just use the form.
Important information about security limitations of the Slack App
Due to the nature of how Slack apps are designed, full end-to-end encryption is not possible. We take a number of steps to make sure your secrets are safe, including encrypted connections, sandboxed application server, limited access to infrastructure, etc. In 99% of use cases this is fine and a risk worth taking - still, Slack is proprietary software where we don't have control over. In other words, if you need advanced protection, create secrets on the website instead.