Skip to main content
Privacy-first architecture

Onetime SecretSigned. Sealed. Delivered.

Send passwords, credentials, and sensitive data with links that work only once.

Create Secret Link

Enter the sensitive text you want to share securely. This text will be encrypted and available only once.
  • Encrypted
  • Self-destructing
  • Open source
  • Sovereign data

Security architecture

Built to forget.

Every design decision serves one purpose: make sure secrets are readable exactly once, then gone.

Per-secret encryption

Every secret is encrypted with its own unique key before being stored. Decryption keys live on the application server, never in the database — a defense-in-depth measure that limits exposure in the event of a data breach.

Read once, gone forever

After a single view, the secret is permanently purged from all storage. No copies, no recovery, no trace.

Regional data storage

Choose where your secrets live: EU, US, or other regions. Meet data sovereignty requirements at the point of creation.

Helps teams meet compliance goals

Built to support SOC 2, GDPR, CCPA, and HIPAA workflows. Audit logs, access controls, and SSO help teams meet their own compliance requirements.

Developer API

Integrate secret sharing into your workflows, CI/CD pipelines, and internal tools. Full REST API with language-specific SDKs.

Also available:Custom BrandingSSO / SAMLIncoming SecretsAccess Controls

How it works

Sent. Read. Gone.

Share sensitive information without leaving a trail in your email, chat logs, or ticketing systems.

Paste your secret

Enter any sensitive text — passwords, API keys, credentials, private notes. Set an expiration and optional passphrase.

Share the link

Get a unique, one-time URL. Send it over any channel: email, Slack, text. The link itself reveals nothing about the content.

Gone after viewing

Once the recipient opens the link, the data is permanently destroyed. The link dies with it. No one — including us — can retrieve it.

Use cases

How teams use Onetime Secret

From onboarding a new hire to rotating production credentials, sensitive data moves through organizations every day.

IT & DevOps

Securely rotate production credentials, share API keys during onboarding, and keep sensitive config out of Slack and email threads.

prod_api_token_51H7xYz9A2bC3dE4fG

HR & People Ops

Share onboarding credentials, temporary system access, and confidential HR communications without leaving a trail in email or ticketing systems.

Temporary password for your first login: kX9#mPq2vR!7

Legal & Finance

Transmit settlement terms, account credentials, and confidential case information with one-time access controls that protect privilege and confidentiality.

Access code for case file #2024-0847: Rg22mK9x

Consultants & Agencies

Share client credentials, project access, and sensitive deliverables without leaving traces in email threads or shared drives.

Here's the temporary password for the client portal: TmpAcc3ss!xQ9

Global infrastructure

Your data, your jurisdiction.

Choose where your secrets are stored and processed. Regional instances ensure your data never leaves the geography you choose.

Toronto, CanadaNuremberg, GermanyPorirua, New ZealandLondon, United KingdomHillsboro, United States

Start sharing secretsthe right way.

Free for individuals and teams. Plans for custom branding, advanced controls, and more.

Try it freeView pricing