How to share secrets with the Spryker Support Team

Edit on GitHub

This document explains how you can securely share secrets or credentials with the Spryker Support Team. In general, the safest way to share secrets is not to share them, but if the situation demands it, we ask you to share secrets only the way described in this document.

Spryker employees never ask for credentials. We delete and don’t work with any credentials received if they were not shared using the process outlined below. Legit use cases for sharing secrets are very limited, so when in doubt, please discuss the issue with us before sharing your secret.

Prerequisites

Register in our Slack community.

Process for sharing the secrets

Stick to the following process when sharing secrets with the Spryker Support Team.

Having an active related case is a prerequesite to sharing a secret with the team.

  1. Create a secret message by navigating to One-Time Secret and inserting your secret there. Make sure to configure a passphrase for your secret.

Do not include information on what the secret content is for—for example, if you insert a password, do not provide the username for it. Also, don’t include any information about where and how to use the secret. Also, create a new link for every individual secret you want to share.

  1. In the Case Details, in the Link Passphrase field add the secret link.
  2. Create a comment on the case that the team must retrieve the secret link.
  3. The Team retrieves the link and then clears the field and provide a comment.
  4. Add the passphrase to the link in the same—now empty—field.