Summary: Tickets are for support coordination, not secret storage. Send the minimum information DSE needs and verify that every recipient is authorized.
Never place these in a normal ticket
- Passwords, temporary passwords, one-time codes, recovery links, or authentication secrets.
- Alarm codes, duress codes, private keys, API secrets, or unprotected encryption material.
- Full payment-card, bank-account, government identifier, or unnecessary medical information.
- Unredacted visitor, employee, customer, or surveillance data unrelated to the support need.
Share useful information safely
- Redact secrets and unrelated names, messages, images, tabs, and account details from screenshots.
- Use device names, door names, camera names, timestamps, and approved business contacts instead of secret values.
- Add only authorized collaborators and avoid broad distribution lists.
- Ask DSE for an approved secure exchange method when a technician specifically requires sensitive material.
Report a concern
- Tell DSE immediately if a ticket or attachment appears visible to the wrong person.
- Identify the ticket number and the information at risk without repeating the sensitive content.
- Follow your organization incident-response and notification procedure.
- Change exposed credentials through the owning system, not by posting replacements in the ticket.
Important: Ticket files require authorized access in production, but access control does not make it appropriate to store unnecessary secrets.
Related resources
Content owner: DSE Service Operations · Production review: July 11, 2026