Share a secret, which can be read only once.
We use client-side encryption.
We don't store a key on the server.