Home Docs Workflow guides

Send a private debug bundle

Short-lived support handoff
Workflow

Send a private debug bundle

Package diagnostic text, encode binary archives as text when needed, and use secret-key or signed URL access rather than the public feed.

When to use it

Use this when

  • A maintainer needs logs, redacted config, and environment details for a limited time.
  • The bundle should not be discoverable or listed publicly.
Steps

Do this

  1. Redact first Remove credentials, customer data, and machine identifiers before packaging.
  2. Make it textual Paste bodies are text. For multiple files, create an archive and base64-encode it before publishing.
  3. Pick the access model Use CLI secret-key mode for local encryption, or REST access=signed_url only when the client has already encrypted the body.
  4. Limit exposure Set an expiry and, for one-time handoffs, set a read limit.
Examples

Copyable commands

CLI secret-key bundle
tar -czf - logs/ redacted-config.json | base64 | \
  pbca new --mode secret-key --expires 2d --read-limit 3 \
  --syntax text --title "debug bundle"
Plaintext unlisted notes
pbca new --file redacted-debug-notes.txt \
  --mode unlisted --expires 2d --read-limit 3 \
  --syntax markdown --title "debug notes"
Operational notes

Keep in mind

  • The URL fragment for secret-key pastes is client-side key material. Treat the full URL as sensitive.
  • The web UI and CLI perform client-side encryption. The REST API stores whatever ciphertext a client supplies; it does not encrypt plaintext for you.