Developer tooling · 2025 · LEARN Québec · Secure Secret
Slack-native ephemeral secret sharing with TTL
A one-command Slack integration for sharing credentials, tokens, and API keys — Fernet-encrypted, TTL-bound (60–1440 min), rate-limited, and auto-purged after read.
The problem
Credentials shared over Slack DMs or email persist indefinitely and have no audit trail. The team needed a way to share short-lived secrets without exposing them in chat history.
Approach
- FastAPI backend with Fernet symmetric encryption and MySQL for secret storage
- TTL system: secrets auto-delete after 60–1440 minutes or on first read
- Slack slash-command interface — `/secret <value>` returns a one-time link
- Rate limiting (60 req/min) to prevent enumeration attacks
- Automatic cleanup job purges expired secrets on schedule
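The storage logic this list describes can be sketched as follows. This is an added example, not the project's own code: SQLite stands in for MySQL so it runs offline, and `SecretStore`, `put`, `read_once` and `purge_expired` are hypothetical names. It shows the TTL bound being enforced, Fernet encryption at rest, and a burn-on-read that is atomic and answers identically for unknown, already-read and expired links.

```python
import secrets
import sqlite3
import time
from cryptography.fernet import Fernet, InvalidToken

MIN_TTL_MIN, MAX_TTL_MIN = 60, 1440  # TTL bounds given on the page

class SecretStore:
    """Fernet-encrypted, TTL-bound secrets that are deleted on first read."""
    def __init__(self, key, path=":memory:"):
        self.fernet = Fernet(key)
        # isolation_level=None: BEGIN/COMMIT are issued explicitly below
        self.db = sqlite3.connect(path, isolation_level=None)
        self.db.execute("CREATE TABLE IF NOT EXISTS secrets ("
                        "id TEXT PRIMARY KEY, token BLOB, expires_at INTEGER)")

    def put(self, value, ttl_min=60, now=None):
        if not MIN_TTL_MIN <= ttl_min <= MAX_TTL_MIN:
            raise ValueError("ttl_min must be 60-1440")
        now = int(time.time()) if now is None else now
        sid = secrets.token_urlsafe(32)  # 256-bit id for the one-time link
        self.db.execute("INSERT INTO secrets VALUES (?, ?, ?)",
                        (sid, self.fernet.encrypt(value.encode()), now + ttl_min * 60))
        return sid

    def read_once(self, sid, now=None):
        now = int(time.time()) if now is None else now
        # Select and delete in one write transaction so that two concurrent
        # requests for the same link cannot both receive the plaintext.
        self.db.execute("BEGIN IMMEDIATE")
        try:
            row = self.db.execute(
                "SELECT token, expires_at FROM secrets WHERE id = ?", (sid,)).fetchone()
            self.db.execute("DELETE FROM secrets WHERE id = ?", (sid,))
            self.db.execute("COMMIT")
        except Exception:
            self.db.execute("ROLLBACK")
            raise
        # Unknown, already-read and expired ids all look the same to the caller.
        if row is None or row[1] <= now:
            return None
        try:
            return self.fernet.decrypt(row[0]).decode()
        except InvalidToken:  # ciphertext tampered with, or wrong key
            return None

    def purge_expired(self, now=None):
        now = int(time.time()) if now is None else now
        return self.db.execute("DELETE FROM secrets WHERE expires_at <= ?", (now,)).rowcount
```

The `now` parameter exists only so expiry can be exercised deterministically; a deployment would keep the Fernet key outside the database so that a dump of the table alone does not reveal stored secrets.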
Outcome
- Credentials never persist in Slack history — link burns on read or expiry
- Adopted by the LEARN Québec team as standard practice for credential handoff
- Zero-infrastructure burden — runs as a single Docker container behind HTTPS