How to securely share passwords and keys in PayStar#
The “Secure data” (One-time secret) section helps you safely share sensitive information — passwords, API keys, private links, test credentials — without storing them in chats, tickets, or documents.
1) What is One-time secret and why do you need it?#
One-time secret is a temporary secret that can be opened using:Time to live (e.g., 1 hour / 1 day / 1 week / 1 month)
Login count (1 / 2 / 3 / 5)
reduces the risk of leaks,
prevents storing passwords directly in a chat/task,
helps follow basic security practices.
2) When to use it (common scenarios)#
Use One-time secret when you need to share data that must not remain in a chat or task:PSP dashboard/cabinet logins and passwords, test accounts;
API key / token / secret, webhook secret;
private URLs, configs, and access instructions;
one-time credentials for integration and testing.
3) What you can share and what you should avoid sharing#
You can share#
API key / token / secret;
private links, short instructions, and configs (including Markdown).
Not recommended#
card data (PAN/CVV) and any PCI-sensitive information;
customer personal data unless clearly required;
large dumps containing sensitive data.
Share only what is required for the task, and keep it available for the shortest possible time.
4) How to create a protected secret (step by step)#
1.
Open the “Share secure data” modal.
2.
Paste your content into “Secure data” (Markdown is supported: headings, lists).
3.
Select Time to live: 1 hour / 1 day / 1 week / 1 month.
4.
Select Login count: 1 / 2 / 3 / 5.
5.
Click “Share secure data”.
5) How the recipient opens the secret#
2.
Enter the Login key (if it was not filled automatically).
4.
Review the data and click Copy to copy the content.
6) How limits work: time to live and login count#
Time to live#
This is the time period during which the secret is available. After it expires:the secret cannot be opened,
you must create a new one.
Login count#
This is the limit on how many times the secret can be opened:each successful open consumes one login,
once the limit is reached, the secret becomes unavailable.
For maximum security, use 1 hour + 1 login if there is only one recipient.
7) Best practices: how to share as safely as possible#
Set minimum TTL and logins: 1 hour and 1 login (when possible).
Send the URL and Login key via different channels:key via email (or vice versa).
Use temporary test credentials.
After the work is completed, rotate (re-issue) passwords/tokens.
Do not paste secrets into public chats, documents, or screenshots.
For team operations, record who received access and when.
8) Common issues and troubleshooting#
The secret does not open / Expired#
Cause: the time to live has elapsed.
Solution: create a new secret and send a new URL/key.Login count is used up#
Cause: the login limit has been reached.
Solution: create a new secret.Wrong Login key#
Cause: copy/paste error (often due to extra spaces).
Solution: copy the key again using the copy button and paste it without extra characters.Content is not visible#
use another browser / incognito mode,
disable extensions (AdBlock/Privacy).
what exactly you see on the screen.
9) Quick checklist before sharing a secret#
