
Have you considered adding some kind of encryption of the secrets with a preshared key generated inside the action to make the SaaS zero-knowledge? Currently it appears the service can read all the secrets in plaintext.


This is tangential to your comment and not a complaint: that isn't zero-knowledge, that is end-to-end encryption.

I've been noticing a lot of marketing materials describe themselves as "zero-knowledge" when it's just E2EE.

I definitely agree it would be nice to have.


Added an issue to track this: https://github.com/step-security/wait-for-secrets/issues/56

The backend API is open-source, and the secrets are cleared immediately after use from the data store, but I agree this is a good idea.
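The encryption suggested in the first comment, as an added sketch that is not part of the thread or of the wait-for-secrets code: the job generates an AES-256-GCM key, the person entering the secret encrypts with it, and the service stores only the ciphertext envelope. It assumes the key reaches that person over a channel the service cannot see; all function names, the job ids and the sample secret are hypothetical or constructed.

```javascript
// Added illustration; every name here is hypothetical, not the wait-for-secrets API.
const crypto = require("node:crypto");

// Runs inside the CI job. Assumption: the key is handed to the person
// entering the secret out of band and is never sent to the service.
function generateJobKey() {
  return crypto.randomBytes(32); // 256-bit AES key
}

// Runs on the client that enters the secret. The job id is bound as
// associated data so an envelope cannot be replayed into another job.
function sealSecret(key, jobId, plaintext) {
  const iv = crypto.randomBytes(12); // fresh 96-bit nonce per message
  const cipher = crypto.createCipheriv("aes-256-gcm", key, iv);
  cipher.setAAD(Buffer.from(jobId, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return {
    iv: iv.toString("base64"),
    ct: ct.toString("base64"),
    tag: cipher.getAuthTag().toString("base64"),
  };
}

// Runs inside the CI job after it fetches the envelope from the service.
// Throws if the key, job id, ciphertext or tag do not match.
function openSecret(key, jobId, envelope) {
  const iv = Buffer.from(envelope.iv, "base64");
  const decipher = crypto.createDecipheriv("aes-256-gcm", key, iv);
  decipher.setAAD(Buffer.from(jobId, "utf8"));
  decipher.setAuthTag(Buffer.from(envelope.tag, "base64"));
  const ct = Buffer.from(envelope.ct, "base64");
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Stand-in for the service's data store: it only ever holds the envelope.
function demo() {
  const store = new Map();
  const jobId = "constructed-job-1";           // constructed sample value
  const key = generateJobKey();                // stays on the runner and client
  store.set(jobId, sealSecret(key, jobId, "constructed-otp-000000"));
  const seenByService = JSON.stringify(store.get(jobId));
  const recovered = openSecret(key, jobId, store.get(jobId));
  store.delete(jobId);                         // cleared after use
  return { seenByService, recovered };
}
```
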



