Password Scale

Manage the team passwords in a secure way

Convenient Password Sharing

Remove the team's frustration with managing passwords: members get access to the shared password pool simply by joining a Slack group.

Secure Password Storage

Keep the team's passwords encrypted and saved in secure storage, mitigating the risk of compromise that comes with passwords stored in multiple, potentially insecure places.

Transparent and Open Design

We document the encryption design and publish the entire source code, so that anyone can review the code and check the implemented zero knowledge protocol.

Slack command usage:

/pass or /pass list

Lists the available passwords in the channel.

/pass <secret> or /pass show <secret>

Retrieves a one-time-use link to the secret content. The link expires in 15 minutes.

/pass insert <secret>

Retrieves a link to the editor used to create the secret. The link expires in 15 minutes.

/pass remove <secret>

Makes the secret unreachable. To delete it completely, it must be removed manually from the S3 password storage.

/pass register <password_server_url>

Sets up the password storage. It only needs to be executed once.

How does it work?

To exemplify how the zero knowledge algorithm works, let's look at the following examples:

Alice and Bob are members of the same Slack group, and they need to share the password of the service Bar. This is the process they follow to share it. In this example Alice creates the secret and Bob retrieves it.

Creating a secret

  • Alice: Requests a link to create the secret (/pass insert Bar)
  • Proxy Server: Generates a unique editor link, valid for 15 minutes
  • Slack: Shows the editor link, visible only to Alice
  • Alice: Follows the link
  • Proxy Server: Requests the public key from the Password Server and sends it to the editor
  • Editor: Displays itself in Alice's browser
  • Alice: Writes the shared secret
  • Alice: Presses the "Create" button
  • Editor: Encrypts the secret before sending the request
  • Editor: Sends the request to the Proxy Server
  • Proxy Server: Sends the encrypted secret to the Password Server (note that the Proxy Server cannot decipher this secret)
  • Password Server: Stores the encrypted secret in the configured S3 bucket.

Retrieving a secret

  • Bob: Requests a link to see the secret (/pass Bar or /pass show Bar)
  • Proxy Server: Requests the secret from the Password Server using the Slack team name and channel id
  • Password Server: Reads and decrypts the secret
  • Password Server: Generates a one-time-use link with the secret, valid for 15 minutes (using the One-Time Secret API)
  • Password Server: Encrypts the link with the Proxy Server public key
  • Password Server: Sends the encrypted link to the Proxy Server
  • Proxy Server: Decrypts the one-time-use link
  • Proxy Server: Sends the link to Slack
  • Slack: Shows the link, visible only to Bob
  • Bob: Follows the link
  • Onetimesecret: Shows and destroys the secret
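
The two flows above, reduced to who holds which key, as an added Node.js example that is not Password Scale's own code. RSA-OAEP, the function names and the link URL are assumptions made for illustration, since the page does not name the cipher.

```javascript
// Added illustration. RSA-OAEP and every name below are assumptions, not Password Scale's code.
const crypto = require('crypto');

const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const oaep = (key) => ({ key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' });
const seal = (publicKey, text) => crypto.publicEncrypt(oaep(publicKey), Buffer.from(text, 'utf8'));
const open = (privateKey, blob) => crypto.privateDecrypt(oaep(privateKey), blob).toString('utf8');

// Each server owns one key pair; only the public halves ever leave the server.
const passwordServer = newKeyPair();
const proxyServer = newKeyPair();

// Creating a secret: the editor encrypts in the browser, the Proxy Server only relays.
function createSecret(plaintext) {
  const fromEditor = seal(passwordServer.publicKey, plaintext); // Editor -> Proxy Server
  const seenByProxy = fromEditor;       // Proxy Server -> Password Server, forwarded unchanged
  return { seenByProxy, stored: seenByProxy };                  // Password Server -> S3 bucket
}

// True when the Proxy Server's own private key cannot open the relayed blob.
function proxyCannotRead(blob) {
  try { open(proxyServer.privateKey, blob); return false; } catch { return true; }
}

// Retrieving a secret: the Password Server does see the plaintext at this step,
// hands it to the one-time-link service, and encrypts only the link for the proxy.
function retrieveSecret(stored, makeOneTimeLink) {
  const secret = open(passwordServer.privateKey, stored);
  const link = makeOneTimeLink(secret);          // stand-in for the One-Time Secret API call
  const toProxy = seal(proxyServer.publicKey, link);            // Password Server -> Proxy Server
  return { toProxy, linkForSlack: open(proxyServer.privateKey, toProxy) };
}

// Constructed demo values: the secret and the link URL are made up.
{
  const { seenByProxy, stored } = createSecret('constructed-password-for-Bar');
  console.log('proxy can read the secret:', !proxyCannotRead(seenByProxy));
  const { linkForSlack } = retrieveSecret(stored, () => 'https://onetime.example/secret/demo-id');
  console.log('link shown to Bob:', linkForSlack);
}
```

The property shown is scoped to the Proxy Server: the Password Server holds the private key and, as the retrieval steps state, decrypts the secret before handing it to the one-time-link service.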

Go to our GitHub project for instructions on how to set up your own password server. You can also try the command on your Slack team using our test server.