Live, limited P2

Handle and revoke credentials safely

Store only required values, understand what exports omit, and revoke access in the service that issued it.

Availability
Live, limited
Last verified
Runtime anchor
ab084f79c5ed3fc6a28f07c64b29920944a0e5db
Certification anchor
db23559179dc3c67be8a1ab16a0f07323b9820f7
Evidence note
Masking, export redaction, tenant scoping, and local-removal boundaries were verified. No unsupported encryption-at-rest claim is made.

What this does

Store only required values, understand what exports omit, and revoke access in the service that issued it.

Before you begin

  • Know which store/provider each token or key belongs to before saving it.
  • Never send full credentials, magic links, session cookies, or license keys in screenshots or support email.

What changes outside ArtDrop

Saving or clearing a credential changes ArtDrop-held configuration. Removing a store or clearing a token does not revoke authorization at Shopify, Gelato, Printful, Printify, storage, or the personal-key provider.

Steps

  1. Use the narrow credential

    Create a credential for the intended app/shop/store with only the scopes required by the current connection UI.

  2. Confirm the destination

    Save it only on the matching store/provider card, then use Test connection or the provider catalog load. Do not reuse an unrelated shop’s credential as a fallback.

  3. Understand storage truth

    Hosted browser views mask values and portable exports redact them. Do not infer application-level encryption at rest from masking. Mac configuration is stored locally on the device; protect the device and configuration file and do not claim Keychain-only storage.

  4. Rotate safely

    Create/authorize the replacement in the external service, update the exact ArtDrop connection, test it, then revoke the old credential externally.

  5. Retire both sides

    Remove the ArtDrop record when safe, then uninstall/revoke/cancel in the external account as applicable. Preserve required order or tax records.

Expected result

The new credential passes the exact connection test, the old one is revoked at its issuer, and redacted exports contain no credential values.

Limits and non-goals

  • Masking protects casual display and exports; it is not proof of a particular infrastructure encryption control.
  • A store removal can be blocked while active work or safety coverage is unresolved.

Troubleshooting

  • For suspected exposure, revoke at the issuing service first, then replace ArtDrop configuration and inspect recent activity.
  • For repeated 401/403, do not keep retrying a possibly revoked key; test and rotate it.

How to undo or clean up

Revocation is performed in the issuer. ArtDrop removal alone is not a security revocation or external cleanup.