You can now securely share secrets with users outside of your team with Phase Console's Secret Sharing feature: Lockbox. Secrets shared with Lockbox are encrypted with zero-trust encryption, and can only be accessed and views using the link. You can set a custom expiry policy for the link based on either number of views or a fixed expiry time.
Users sometimes need to share a single secret with a user who isn't on Phase or not in their Organisation. Rather than using insecure channels such as Slack or email, you can now create a secure link to share secrets with members in your team without having to invite them to join your Organisation in Phase.
Sharing a Secret
To share a Secret from the Phase Console, simply click the "Share" icon. This will bring up a dialog with a text box for you to customize, pre-filled with the secret values. You can set a custom expiry policy for each Lockbox link that you create, based on either a maximum number of allowed views, or a fixed expiry date.
Clicking "Generate link" will asymmetrically encrypt this Secret with a one-time-use key, and provide you a link that you can copy and share with the recipient. The link contains a unique id as well as the key for decryption encoded in the URL Fragment. The key is only parsed client-side by the browser and never transmitted to the server.
Viewing a Secret shared with Phase Lockbox
Clicking the link will show the recepient the number of allowed views as well as the expiry time remaining. Clicking "View Secret" will decrypt and display this Secret, and increment the number of views.
Secret sharing with Phase Lockbox is now live on Phase Cloud and available in v2.14.0.