14Oca
Sharing secret passphrase with others
Is it a good idea for a user who is the owner of encrypted data to share a secret passphrase with other users (workers) so that they can decrypt the encrypted data? Is there a better way? I'll add that the data is encrypted on the client side and stored in the database, and we don't have access to the key so we're unable to decrypt the data. The encrypted data consists of secret tokens used to access protected API endpoints. The user (worker) requires these secret tokens. The owner is the person who creates a project, that stores the secret tokens. Person with right permissions can append the secrets tokens to the project. Everyone belonging to the project should have access to the secret tokens.
