Cool app! Doppler looks great but i have a tiny concern about the Bugsnag 3rd party script. Unless Doppler own Bugsnag, i think for a sensitive tool like secret sharing, you should remove it.
Shameless plug: I made a similar tool base off another project after FirefoxSend shuts down but deploy on AWS instead of GCP :) It is hosted here if anyone wanna take a look or roll their own https://www.relaysecret.com/. The design philosophy is the same (everything is encrypted on clientside, no plaintext or password leave clients browser, minimal backend).
Hi! I am Ruud, an engineer at Doppler. Good question! We made sure that the passwords in the URL are always stripped out when sending anything to Bugsnag. This way, we (or Bugsnag) never have enough information to decrypt the encrypted secrets.
However you make a good point, we initially added this to make sure the website is stable without errors, but at this point we can remove it (in progress at the moment).
Shameless plug: I made a similar tool base off another project after FirefoxSend shuts down but deploy on AWS instead of GCP :) It is hosted here if anyone wanna take a look or roll their own https://www.relaysecret.com/. The design philosophy is the same (everything is encrypted on clientside, no plaintext or password leave clients browser, minimal backend).