Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> stop pasting secrets into Slack

You got me interested. I've seen sharing of API keys via Discords in hackathons.



You can use the age tool to encrypt secrets based on ssh public keys.

Here's a small shell script I use https://github.com/mhitza/toolbox/blob/main/scripts/encrypt-...

    encrypt-for github_username file


That's handy and obviously a major security increase compared to sharing on Discord, but I feel compelled to quote the age README:

> Keep in mind that people might not protect SSH keys long-term, since they are revokable when used only for authentication, and that SSH keys held on YubiKeys can't be used to decrypt files.

https://github.com/FiloSottile/age?tab=readme-ov-file#encryp...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: