Scrt.link for Slack

Scrt.link for Slack

Some things better not stay in your chat history.

Chris's photo
Chris
·Dec 15, 2021·

2 min read

It's a very common scenario: A coworker asks you for some access token, API key or password on Slack. You feel the sudden unease because you are aware of the potential security implications, but eventually, you still reply. Because "what the hell", better than email, right? Well, not really. It's important to understand that Slack conversations are never fully private. A system administrator (or your boss) can potentially access and read all your Slack messages, even the private ones.

slack-interface-illustration.png

We have a very simple and convenient solution for this problem: With the Scrt.link Slack App you can create one-time secrets right from within your conversations. Only a reference link stays in your chat history. After the secret link has been clicked once, it self destructs and is not accessible anymore. The secret is destroyed for good and a 🔥 emoji is added automatically to indicate that.

How to use

👉 Install the Slack App

After you have installed the app, there is not much more to do.

Slash Commands

You can now create secrets via Slash Commands. Where ever you are, just type:

    /scrt //opens a dialog to create a secret.
    /scrt [secret goes here…] //creates a secret link instantly (of type Text).
    /scrt [text|link|neogram] //opens a dialog to create a specific type of secret.
    /scrt help //opens a help dialog.

Shortcuts

Just click the ⚡️ icon and choose Scrt.link. If you are inside a conversation you can also use the context menu (3 dots) and select Reply with a secret. After that, just use the form.

slack-screenshot-create.png

Important information about security limitations of the Slack App

Due to the nature of how Slack apps are designed, full end-to-end encryption is not possible. We take a number of steps to make sure your secrets are safe, including encrypted connections, sandboxed application server, limited access to infrastructure, etc. In 99% of use cases this is fine and a risk worth taking - still, Slack is proprietary software where we don't have control over. In other words, if you need advanced protection, create secrets on the website instead.

Spread some Love

Did you find this article valuable?

Support Chris by becoming a sponsor. Any amount is appreciated!

Learn more about Hashnode Sponsors
 
Share this