Send a one-time secret — share a password securely
Paste a password, API key, or private note, pick a timer, and get a link that self-destructs the moment it's read — or when the timer runs out. The secret is end-to-end encrypted in your browser; our server only ever sees ciphertext it can't decrypt. Free, no signup.
Auto-destruct after
How it works
When you click Create one-time link, your browser generates a random AES-256 key with the native Web Crypto API and places it in the part of the URL after the # — the URL fragment, which browsers never transmit to any server. Your secret is encrypted locally with that key before it leaves your device, so what we receive and store is opaque ciphertext we have no way to read.
The link you share has two parts: the session identifier (which we know) and the decryption key (which only you and the recipient know, because it's in the fragment). When they open it, their browser pulls the encrypted blob, uses the key from their URL to decrypt it locally, and shows them the secret. At the same moment, we receive a destroy signal from the recipient's browser and permanently delete the encrypted blob server-side. No log keeps it. No backup.
That gives you two layers of protection. Read-once means even if someone later finds the link in a chat history, opening it shows nothing — the blob is gone. The server-enforced timer means if no one ever reads the secret, it still self-destructs after the window you picked. And because we never have the key, there is no point in time at which a readable version of your secret exists on our side.
The one rule: the link is the key. Anyone who gets the full URL can read the secret once. Send it over a channel that's at least somewhat private (SMS, WhatsApp, Signal, work chat, in-person) and prefer the shortest timer that fits your use-case. Don't paste it in a public chat or a ticket that strangers can see.
When this is the right tool
Anywhere you'd normally email or message a password and feel a little uneasy about it:
- Share a Wi-Fi password with a guest — short timer, one-time link, gone after they connect.
- Hand off an API key, SSH key, or database password to a teammate — without it sitting in Slack history forever.
- Send a one-time login to a colleague when you can't use a proper password manager.
- Share a sensitive note — an address, a phone number, a personal detail — without leaving a trail.
- Replace pasting secrets in tickets / docs / chat — the secret is in the link instead of the message body, and it dies on read.
Frequently asked questions
Related tools
Sources & references
Encryption is AES-GCM-256 via the browser's native Web Crypto API; the key lives only in the URL fragment.
Questions or a bug to report?
Email [email protected].