Back to Journal Archive

Operation Burn Password.txt

By
Ruzz
Ruzz System Architect
Mar 13, 2026
~127lines
#security #case-study #cypher #internal-tools

A case study in building secure tooling without triggering revolt — and how we replaced bad habits without forcing new ones.

The Problem Nobody Wants to Admit

A small team was sharing credentials in the wild. Plaintext files. Slack DMs. The occasional sticky note on a monitor. They weren’t negligent — they were normal. Every small team does this until something goes wrong, and most of them know it.

I’ve seen this exact pattern at every small company I’ve worked with. It’s not laziness — it’s friction. People will always choose the path of least resistance, and “paste it in Slack” has zero friction.

They’d looked at the enterprise vaults. The per-seat pricing. The onboarding decks. The two-day rollout plans that assume your team has an IT department and a tolerance for change management.

They had neither.

What they needed wasn’t a product. They needed a path to better behavior — without blowing up how they already worked.

The Heartbred Pulse

We have a design philosophy we apply to every engagement: cut the overhead, solve the root, design for adoption. If no one uses it, it doesn’t matter how secure it is. A vault nobody opens is just a locked room full of sticky notes.

This is the core of what we call the Heartbred Pulse — a design-for-adoption philosophy that runs through everything we build. More on this in our solutions overview.

So we started with one question: where does this team already live?

The answer was Slack. It was their only shared habit — the one app that was always open on every screen.

The Slack Commands Nobody Used

We built slash commands first. /cypher get office-gmail. /cypher-admin store. Clean, fast, secure. Technically perfect. 

# Retrieve a credential
/cypher get office-gmail

# Store a new credential (admin only)
/cypher-admin store office-gmail

# Grant access to a team member
/cypher-admin grant office-gmail @john

# Revoke access
/cypher-admin revoke office-gmail @john

Commands read like sentences. That’s the point.

Nobody used them.

We built the ideal interface first and the team politely ignored it. This is the part they don’t put in the case studies. People don’t adopt tools because they’re elegant — they adopt them because they’re obvious.

The commands were there. The team knew they existed. They’d even tried them once or twice. But slash commands are a CLI mental model, and this team didn’t think in terminals. They thought in tabs and dashboards. The Slack bot collected dust while the sticky notes held on.

The API, at least, was solid. A Cloudflare Worker with AES-GCM encryption, KV storage, and zero discoverability. No marketing page. No sign-up form. Pure obscurity by design. If you don’t have the Slack workspace, you don’t know it exists.

Slack App → Cloudflare Worker → KV Store

           AES-GCM encryption
           ACL verification
           Slack ID identity mapping

The entire backend is a single Worker. No database server. No VPC. No infrastructure to maintain.

We had the engine. We just needed a steering wheel they’d actually grab.

The Dashboard They Actually Wanted

So we built a web interface. Slack OAuth login — same identity, same permissions, zero new accounts. A clean editorial-style UI for browsing, editing, and organizing credentials into drag-and-drop lists. Role-based access. Real-time search. A promote-to-shared workflow that lets personal credentials graduate to team-wide access.

They got it immediately.

The moment the dashboard went live, adoption wasn’t a conversation anymore. No training. No walkthrough. They opened it, logged in with Slack, and started using it. That’s the bar.

Point, click, search, copy. The mental model was instant — it looked like every other web app they already used. They started storing credentials. Then organizing them into lists. Then sharing them with teammates. The behavior we’d been trying to unlock through slash commands happened on its own because the interface matched how they already think.

And Then the Slash Commands Made Sense

Here’s the part we didn’t plan. Once the team had a mental model for how Cypher worked — what a credential looks like, how lists are organized, what “shared” means versus “personal” — the slash commands stopped being abstract. /cypher list wasn’t a mysterious incantation anymore. It was just a faster way to do something they already understood.

/cypher get 1 became a shortcut, not a learning curve.

The dashboard taught them the system. Slack gave them speed. Both interfaces hit the same encrypted backend. Use whichever fits the moment.

The Outcome

No more shared files. No fights about adopting new software. No forgotten tooling gathering dust in someone’s bookmarks bar.

Just a secure, team-scaled flow that earned trust by staying out of the way.

The credentials are encrypted at rest. Access is audited. Permissions are explicit. And not a single person had to sit through a training session to get there.

Zero training sessions. Zero onboarding docs. Zero “how do I log in again?” messages. That’s the real metric.

They didn’t change what they do. They just do it slightly better.

Operation Burn Password.txt was designed and built by Heartbred. The system is powered by Cypher API, Cypher Slack App, and Cypher Web.

Back to Journal 007-operation-burn-password