When working with Believable Magic or co-workers, you may need to share an API Key or other sensitive content with another person. But API Keys are powerful information that you should keep secure.
The least secure way to share information is via email message. Messages can live for a long time on mail servers and in people’s mail archives, waiting to be seen by the wrong person.
A more secure way to share information is to place it in a temporary encrypted storage place and then share the key with a person who can only use it to view the content until it expires — using an expiration period controlled by the one who shares.
How to share sensitive content:
- Go to this page: https://believablemagic.com/private.
- Paste or type the content into the Editor area or click Attach a File.
- Click Save.
- On the next page you will see: “Your shareable pasted content link is” followed by a web address.
- Share that web address one of three ways:
- Copy that web address and paste it into an email message for your intended recipient.
- Click the Email button to send it in a new email message.
- Click the QR Code button to embed the link in a QR code you can share with someone.
- If you assigned a Password while creating your shared item, be sure to share that password with the recipient, too.
The recipient simply visits the web address, enters the Password if you created one, and sees the content you shared.
After the expiration period, the web address won’t work any longer and the content is no longer accessible.
How it actually works:
The web page has JavaScript code that encrypts the content in the browser, then stores the encrypted content on the Believable Magic web server, but the key that unlocks the encrypted content is ONLY shown to the user in the web page — it is not stored anywhere else.
The encrypted content stored on the web server is useless without the key — which is not stored on the server.
The Believable Magic service linked above relies upon this open-source project: https://privatebin.info