Freshdesk Secret Message

This app makes sharing secrets or sensitive messages easier through FreshDesk by creating a timebomb and limited view count message with audit capability.

Comment

Inspiration

Security is a big concern nowadays. Often customer support does not just help answer questions regarding the product. Sometimes, they need to deal with potential customers asking for a demo account, sharing critical logs for troubleshooting, or even just sharing some one-time password. How do you share them securely?

Traditionally, they would share it within the Service Desk comments and leave it exposed to potential threats. Another workaround could be using services such as Tresorit or Box. What about making the solution integrate seamlessly with FreshDesk? This is the solution for it.

What it does

The application allows easy sharing of sensitive or secret messages securely through FreshDesk ticket conversation.

How we built it

Firstly, displaying and inputting information is done through FreshDesk's Core API and App SDK. There are 2 parts to it.

  1. Creating a secret message in the ticket view can be done using location ticket_conversation_editor and interface setValue trigger.
  2. Listing page to display the collection of secrets created by who, when, and where. This listing page served as an auditing purpose to ensure traceability for a secure and compliance software.

Next, we leverage existing encryption technology OpenPGP to secure the message transit and storage. We also leverage an open-source project (yopass.se ) to enable us to build on a cloud service that is cheap and easy to maintain.

Challenges we ran into

There are a couple of challenges we ran into that are due to the constraint of the FreshDesk technology.

  1. Ticket conversation editor does not support dynamically rendered components. - Our initial implementation is to unlock the secret within the conversation view. Due to the restriction, we opt for a workaround to open and view the secret through an external link.

  2. Data Storage looks promising but lacks functionality such as retrieve all. - Due to the lack of a database system within the ecosystem, we have resorted to Restdb.io as a simple SaaS base workaround to store the encrypted secret that was created. This is needed to showcase the capability of auditing and traceability.

  3. Support or documentation for multipage React component example/template/boilerplate. - The cli approach of creating a React app is a hit and miss. There is no clear documentation on how to use the data structure to the fullest. As an example, within the app, we use 2 locations. 1) ticket_conversation_editor, 2) full_page_app. There seems to have too much "black magic" behind the fdkConfig in the package.json that is not documented. Thus, fdk run only works for index.html and the other page has to be implemented using vanilla js.

I believe with the continuous improvement of the technology, we could rework the app to make it seamless and have a lesser external dependency on the project. Most of the challenges faced during the implementation are finding workaround such as spike on yopass.se, restdb.io, and other similar tools before deciding on the tool to use.

Accomplishments that we're proud of

I work solo and started the implementation late. Once I have identified the problem and solution to solve the process is pretty straightforward. Needless to say, the documentation and tools are sufficient for me to complete a working product for both frontend and backend.

What we learned

Freshdesk documentation is easy to read and understand. This helps us to understand the FreshDesk product and the value proposition it provides to the customer.

Asymmetric encryption is a new thing to me. By working on this idea, I study about encryption and came across other tools and technology related to it. As an example, PGP.

What's next for Freshdesk Secret Message

  • There is some minor improvement that could be done in the data structure design used for restdb.io. For example, separation of concern for multi-tenant implementation, which allows the user to have to store it in their own DB.
  • Implement permission control to the listing page.
  • Besides the secret message, we could also expand this into implementing attachments so that documentation can be shared in a secure manner.
  • That aside, the workaround hack works well and is also good for production use. Of course, if the technology improves, we could revise on making an improved version of this app. Eg. dynamically rendered secret component within the conversation thread. And, porting the database to using Freshdesk's database.
  • Also, nice to have is to allow to the addition of a plugin on the customer's side conversation editor view. So that they too can add secret messages and provide more information that is contained within the system.
Share this project:

Updates