https://blog.tauveron.com/tags/secrets-management/ Recent content in Secrets-Management on Thibaut Tauveron Hugo en Fri, 29 May 2026 00:00:00 +0000 https://blog.tauveron.com/the-security-model-behind-a-secret-sharing-link/ Fri, 29 May 2026 00:00:00 +0000 https://blog.tauveron.com/the-security-model-behind-a-secret-sharing-link/ <h1 id="1-the-link-as-a-security-object">1. The link as a security object <a href="#1-the-link-as-a-security-object" class="anchor">🔗</a></h1><p>I recently built psst-rs, a small secret-sharing service written in Rust.The goal is simple: paste a small secret, generate a link, send the link to someone, and let the secret be read only once.</p> <p>A secret-sharing link is not a normal link. It does two things: It points to the encrypted secret and it carries the key needed to decrypt it.</p> <p>In psst-rs, the server never sees the key: the secret is encrypted in the browser with AES-GCM. The server receives only the ciphertext and the nonce, the key remains in the URL after #.</p>