EnvShareApp
Back to Blog
Freelance Life

The Freelancer's Handover Guide: How to Deliver Credentials Without Liability

E
EnvShareApp TeamJan 30, 20266 min read

The project is done. The invoice is paid. Now comes the dangerous part: The Handover.

You need to give the client their WordPress admin login, their AWS root keys, and their Stripe API secrets. Most freelancers just paste these into the Upwork chat or a PDF attached to an email.

This is a massive liability mistake.

The "Recall" Problem

Scenario: The Client Gets Hacked

Six months from now, your client's website gets defaced. They panic. They hire a forensic team. The team finds the admin password sitting in an email from YOU sent 6 months ago.

Guess who gets blamed?

Even if it wasn't your fault, having your name permanently attached to the compromised credential in their inbox makes you a suspect. As a professional, you want Zero Trail. You want to prove that you delivered the secret and then immediately lost access to it.

The Professional Handover Protocol

Top-tier agencies don't use email for secrets. They use Ephemeral (Self-Destructing) Links. Here is the standard protocol for a liability-free handover:

1

Consolidate Credentials

Put everything (Database, CMS, API keys) into a single file or a structured note.

2

Encrypt via EnvShareApp

Set "Views" to 1 (or 2 if you want to test it first, but 1 is safer).

3

Send the Link + Warning

Tell the client: "This link self-destructs after you view it. Please save these details in your password manager immediately."

Why Clients Love This

You might think this adds friction. In reality, it signals competence.

When a client sees a branded, secure link that says "Encrypted End-to-End", they think:
"Wow, this developer takes security seriously. I hired the right person."

Handling "Non-Tech" Clients

"But my client doesn't use a password manager! They'll just lose it!"

That's fine. Your job is to deliver it securely to them. Once they view it, if they choose to print it out and tape it to their monitor, that is their chain of custody, not yours.

By using EnvShareApp, you have cryptographic proof (the 404 error) that the secret is no longer in your possession. You have cleanly severed the liability link.

The "Secure Drop" Trick (Reverse Handover)

Sometimes, the client creates the accounts (AWS, GoDaddy) and needs to send you the login. They usually try to text it to you or call you.

Instead, send them your Secure Drop Link (e.g., `envshare.app/drop/yourname`).

The Script:

"Hi [Client], please don't email the password—it's not secure. Upload it to my secure drop box here: envshare.app/drop/alex. It will be encrypted automatically."

This saves you from having to scrub your email inbox later.

Summary

As a freelancer, your reputation is your currency. Don't let a lazy email handover tarnish it 2 years down the line.

  • Use EnvShareApp for all credential deliveries.
  • Use Secure Drop for receiving inputs.
  • Keep your liability at zero.

Related Resources

EnvShareApp for Freelancers

$5 one-time, Secure Drop, professional client handoffs.

EnvShareApp for Agencies

Client onboarding, Secure Drop, team dashboards.

Send Your First Secure Handover