Automation
Secure handoffs for scripts, tools, and agents
Use the Shhhs API, CLI, and MCP-compatible workflows to create, request, and manage temporary secret handoffs without turning chat messages or logs into a credential store.
Why developers buy it
Automation turns Shhhs from a manual secret sender into an operational control: repeatable handoffs for scripts, CI, support runbooks, and agent workflows with scoped identities.
- Repeatable handoffs
- Scoped automation identities
- Less plaintext in tickets and logs
Fixed Secret URLs
Give a script, CI job, or agent a stable Team alias such as github-deploy-key. The alias resolves the current encrypted version with a scoped API key, while the underlying secret still expires by TTL and views.
- Stable alias for runbooks
- Rotate encrypted versions
- Resolve only with fixed:read
API
Create and manage supported secret-sharing workflows from your application. Authentication, scopes, rate limits, lifecycle controls, and error behavior are documented in the API reference.
- Authentication
- Scopes
- Rate limits
- Lifecycle controls
- Error behavior
CLI
Use terminal workflows for repeatable delivery and retrieval. Agent-safe modes should support local sources and destinations without printing plaintext to standard output.
- Environment variables
- Files
- Dotenv entries
- Clipboard or file output
- No plaintext stdout
MCP-compatible workflows
Allow approved agent tools to coordinate a handoff while limiting where plaintext may appear. A workflow is only described as agent-safe when the deployed client, server, logs, and destination behavior have been verified.
- Approved agent tools
- Controlled handoff
- Verified client, server, logs, and destination behavior
Mobile-first private rooms
Private Rooms are designed to work as standalone links on mobile before native apps. A recipient can open only the room surface, not the full console, and the exchange remains bounded by plan limits and expiry.
- Standalone room links
- Token-to-token exchange
- Native apps can build on the same room contract
Security rules for automation
Automation should keep service credentials scoped, short-lived, quiet in logs, and separated from human login.
- Scope every service credential
- Use short expiration by default
- Avoid plaintext command-line arguments
- Do not print secrets to logs or model transcripts
- Rotate and revoke service credentials
- Keep automation identities separate from human login