DEVOPS

Stop sharing secrets over Slack.

CIPH4 is built for automation and designed for developers. Full REST API with Bearer token auth, webhooks for real-time events, and official SDKs for Python and PowerShell — integrate secure secret sharing into any workflow in minutes.

THE WORKFLOWS

Real DevOps use cases

Six real scenarios where engineering teams reach for CIPH4 instead of Slack DM, email, or a sticky note.

01

On-call credential handoff

Page goes off at 2 a.m. — the new on-call engineer needs the production DB password right now. Send a CIPH4 link with 1-view + 5-minute expiry. The view event fires a webhook to your incident channel. No credential lives in chat history.

02

Contractor SSH key delivery

A contractor needs the staging cluster's bastion key. Send a multi-file drop with the key + connection runbook. Recipient identity binding (Teams and Enterprise) requires email verification before decrypt. Burned after first view.

03

CI/CD secret rotation

Rotate the deploy key without committing to Git. Pipeline POSTs to /api/dead-drops, posts the link URL to your secret manager. The webhook fires when the new system pulls it — that's your signal to revoke the old key.

04

Cross-vendor KMS handoff

Hand off a new cloud KMS rotation key to security. Multi-file drop bundles the runbook + new key + verification proof. Modify-after-send tightens view caps as each step of the rotation completes.

05

Postmortem artifact sharing

Forensic data, log dumps, exception traces — share with vendors, regulators, or external IR. Hash-chained access log captures every view. Ed25519 deletion receipts close out the engagement defensibly.

06

Build artifact distribution

Signed binaries to a partner's release team. Per-IP allowlist (Enterprise) pins access to their CI runner egress range. Webhook fires the moment they pull — the deploy clock starts there.

THE SURFACE

Full REST API coverage

Four integration surfaces. Real Bearer-token auth, real webhook delivery, and every endpoint shipped with the OpenAPI spec.

01

REST API

Complete CRUD operations for drops, orgs, compliance, and more. Bearer token auth, JSON responses, proper HTTP status codes.

02

Webhooks

Real-time event notifications for drop viewed, burned, revoked, and expired. HMAC-signed payloads with retry and dead-letter queue.

03

Slack integration

Create and share encrypted links directly from Slack. Slash commands for quick drops without leaving your chat workflow.

04

OpenAPI spec

Full OpenAPI 3.0 specification for auto-generating clients. Import into Postman, Insomnia, or your own code generator.

THE TOOLING

Same drop, three SDKs

Create a one-view drop that expires in an hour. The shape is the same across curl, Python, and PowerShell.

Python

# Install first: pip install ciph4
import os

import ciph4

client = ciph4.Client(
  api_key=os.environ["CIPH4_API_KEY"],
)

drop = client.drops.create(
  payload="db_password_here",
  max_views=1,
  expires_in="1h",
)

print(drop.url)

PowerShell

Install-Module Ciph4
Import-Module Ciph4

$env:CIPH4_API_KEY = "sk_..."

$drop = New-CIPH4Drop `
  -Payload "db_password_here" `
  -MaxViews 1 `
  -ExpiresIn "1h"

Write-Output $drop.Url

curl

Any HTTP client
curl -X POST \
  https://ciph4.com/api/dead-drops \
  -H "Authorization: Bearer $CIPH4_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "payload": "db_password_here",
    "maxViews": 1,
    "expiresIn": "1h"
  }'

Full method reference is in the API docs. OpenAPI spec at /api/openapi.

THE PIPELINE

Wire CIPH4 into your CI

A real GitHub Actions workflow that rotates a deploy key, stashes it in a one-view CIPH4 link, and pages the on-call. Burned the moment the new system pulls it.

.github/workflows/rotate-deploy-key.yml

GitHub Actions
name: Rotate deploy key

on:
  schedule:
    - cron: '0 4 1 * *'   # 1st of each month at 04:00 UTC

jobs:
  rotate:
    runs-on: ubuntu-latest
    steps:
      - name: Generate new ed25519 deploy key
        run: |
          # Keep the private key in a file on the runner. Step outputs are not
          # masked the way secrets are, so it is not written to $GITHUB_OUTPUT.
          ssh-keygen -t ed25519 -N "" -f new_key -C "deploy-$(date +%Y%m)"

      - name: Stash the new key in a one-view CIPH4 drop
        id: stash
        env:
          CIPH4_API_KEY: ${{ secrets.CIPH4_API_KEY }}
        run: |
          set -o pipefail   # fail the step if curl fails, not just jq
          # jq builds the JSON body from stdin, so the key never appears in
          # the script text or on a command line.
          DROP_URL=$(base64 -w0 new_key |
            jq -Rs '{payload: ., maxViews: 1, expiresIn: "1h"}' |
            curl -fsS -X POST https://ciph4.com/api/dead-drops \
              -H "Authorization: Bearer $CIPH4_API_KEY" \
              -H "Content-Type: application/json" \
              -d @- | jq -r '.url')
          echo "drop_url=$DROP_URL" >> "$GITHUB_OUTPUT"

      - name: Page on-call with the link
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          DROP_URL: ${{ steps.stash.outputs.drop_url }}
        run: |
          # Pass the URL through env and let jq do the JSON escaping.
          jq -n --arg url "$DROP_URL" '{text: "New deploy key staged: \($url)"}' |
            curl -sS -X POST "$SLACK_WEBHOOK" \
              -H "Content-Type: application/json" \
              -d @-

Webhook fires when on-call opens the link — that's your signal to revoke the old key. The new private key never lives in Git, Slack history, or an env-var dump.

THE WEBHOOKS

Verify every payload

Every webhook is HMAC-signed with your endpoint's secret. Reject any payload that doesn't match — defense against replay, spoofing, and middlebox tampering.

Event types

  • drop.viewed: Recipient decrypted the link.
  • drop.burned: Drop hit its terminal state (views / downloads exhausted).
  • drop.revoked: Sender or admin manually killed the link.
  • drop.expired: Time axis triggered burn.
  • drop.delivery_anomaly: Threat-detection rule fired on a delivery attempt.
  • file_request.received: Recipient uploaded a file to your file-request.
  • file_request.completed: Recipient finished the file-request session.
  • threat.created: Org-level threat alert raised (Enterprise).

webhook_handler.py

Python
import hmac
import hashlib
import os
from fastapi import FastAPI, Request, HTTPException

WEBHOOK_SECRET = os.environ["CIPH4_WEBHOOK_SECRET"]

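def verify(body: bytes, header: str) -> bool:
    # Recompute the HMAC-SHA256 over the raw request body.
    expected = hmac.new(
        WEBHOOK_SECRET.encode(),
        body,
        hashlib.sha256,
    ).hexdigest()
    # Constant-time comparison on bytes; compare_digest raises TypeError
    # for str arguments containing non-ASCII characters.
    return hmac.compare_digest(f"sha256={expected}".encode(), header.encode())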

app = FastAPI()

@app.post("/webhooks/ciph4")
async def handle(req: Request):
    body = await req.body()
    sig = req.headers.get("X-CIPH4-Signature", "")
    if not verify(body, sig):
        raise HTTPException(401, "bad signature")
    event = await req.json()
    # Route on event["type"] — drop.viewed, drop.burned, ...
    return {"ok": True}

Failures retry with exponential backoff. Permanent failures land in your DLQ for inspection — no events are silently dropped.
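
An added example (not CIPH4's code) that extends the handler above to the rotation workflow: it checks the `sha256=<hex>` signature, drops repeated deliveries, and routes `drop.viewed` to a revoke callback. A valid signature is just as valid on a resent copy, so deliveries are de-duplicated by body digest. `WebhookReceiver`, `sign`, `demo`, the `sentAt` field and the sample secret are assumptions, as is each event body being unique.

```python
import hashlib
import hmac
import json
import time

class WebhookReceiver:
    """Verify, de-duplicate and route signed deliveries (hypothetical helper)."""
    def __init__(self, secret, ttl_seconds=86400):
        self.secret = secret
        self.ttl = ttl_seconds
        self.seen = {}       # SHA-256 of body -> time it was handled
        self.handlers = {}   # event type -> callable(event)

    def on(self, event_type, handler):
        self.handlers[event_type] = handler

    def receive(self, body, header, now=None):
        now = time.time() if now is None else now
        mac = hmac.new(self.secret, body, hashlib.sha256).hexdigest()
        # Compare as bytes: compare_digest raises TypeError on non-ASCII str.
        if not hmac.compare_digest(f"sha256={mac}".encode(), header.encode()):
            return "rejected"
        # Forget digests older than the TTL so the cache stays bounded.
        self.seen = {d: t for d, t in self.seen.items() if now - t < self.ttl}
        digest = hashlib.sha256(body).hexdigest()
        if digest in self.seen:
            return "duplicate"       # replayed capture or a sender retry
        event = json.loads(body)     # parse only after the MAC check passes
        handler = self.handlers.get(event.get("type"))
        if handler is None:
            return "ignored"
        handler(event)
        self.seen[digest] = now      # recorded only after the handler succeeds
        return "handled"

def sign(secret, body):
    """Header value in the sha256=<hex> form the page's verify() checks."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def demo():
    secret = b"constructed-test-secret"   # constructed, not a real key
    revoked = []
    rx = WebhookReceiver(secret)
    rx.on("drop.viewed", lambda e: revoked.append("old-deploy-key"))
    # Constructed sample body; only the "type" key is taken from the page.
    body = b'{"type": "drop.viewed", "sentAt": "2024-01-01T04:05:00Z"}'
    sig = sign(secret, body)
    return [rx.receive(body, sig, 0), rx.receive(body, sig, 60),
            rx.receive(body.replace(b"viewed", b"burned"), sig, 61)], revoked
```

Set the TTL longer than the sender's retry window. A capture resent after the TTL is handled again unless the body carries a timestamp that you also check.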

THE INFRASTRUCTURE

Production infrastructure

The capability surface your security-review team can put a name to. Vendor specifics under NDA on request.

Auto-scaling runtime

Managed application runtime with auto-scaling, zero-downtime deploys, and managed TLS. Multi-region failover-ready.

Encrypted, geo-redundant database

Relational database encrypted at rest (AES-256), with read replicas for traffic split and automated point-in-time backups.

In-memory cache layer

Managed cache for rate limiting, session storage, and real-time feature gates. Sub-millisecond latency, fail-closed degradation.

Encrypted object storage

Geo-redundant object store for ciphertext payloads. Signed-URL uploads + downloads, lifecycle policies for ephemeral content.

Connection pooling

Transaction-mode pooler in front of the database to absorb concurrent load without exhausting connection limits.

Automated CI/CD with security gates

Every pull request runs IDOR sweeps, dependency audit, env-drift check, audit-chain integrity gate, and end-to-end tests before merge.

Ready to integrate?

Free includes the encrypted-link UX. Teams adds API access and scoped tokens; Enterprise adds tamper-evident webhooks.