Share passwords, API keys, and secrets with one-time encrypted links
Stop DM'ing passwords. Send a secret once — the key never touches our servers.
Built for developers, freelancers, agencies, and small teams. Free forever, no account required.
Expired secrets become inaccessible immediately and are automatically deleted by Firestore TTL, typically within 24 hours.
Simple by design
Create a secure handoff in seconds
iKrypt is for the quick moments when you need to send one sensitive value without leaving it permanently in someone's inbox or chat history.
Paste your secret
Add a password, API key, .env value, or temporary credential.
Choose limits
Pick an expiry time and how many times the link can be viewed.
Share the link
Send the encrypted one-time link through email, Slack, chat, or a ticket.
It self-destructs
The secret becomes inaccessible after the final view or expiry.
Trust-first architecture
Encrypted before it leaves your browser
The server stores encrypted data only. The key is part of the link fragment and is not sent to iKrypt servers in normal requests.
Encrypted before upload
Your secret is encrypted in the browser before it leaves your device.
Only ciphertext is stored
iKrypt stores encrypted data, expiry settings, and view limits — not plaintext.
Key stays in the link fragment
The decryption key lives after the # in the URL, which is not sent to the server in normal HTTP requests.
One-time viewing is server-enforced
View limits are enforced with Firestore transactions, so concurrent requests cannot over-deliver a one-view secret.
Expired secrets are blocked immediately
Once a secret expires, the API blocks access. Firestore TTL removes expired encrypted data automatically, typically within 24 hours.
Secret pages stay clean
The pages where secrets are created or viewed do not load third-party analytics scripts.
What iKrypt protects against
- Secrets sitting forever in Slack, email, or DM history
- Plaintext credentials being accidentally forwarded
- A secret being accessed more times than intended
- Plaintext secrets being stored on iKrypt servers
What it does not protect against
- A compromised sender or recipient device
- Malicious browser extensions reading page content
- Someone forwarding the full link including the key after #
- Screenshots or copy/paste after the secret is revealed
Common use cases
Useful for quick, sensitive handoffs
API keys
Passwords
Login credentials
SSH keys
.env values
Client access
Contractor handoffs
Temporary notes
Frequently asked questions
Plain answers about what iKrypt does, what it stores, and where the trust boundary is.
Can iKrypt read my secrets?
No. iKrypt only stores encrypted ciphertext. The decryption key stays in the URL fragment and is not sent to our servers.
What can I share with iKrypt?
iKrypt is useful for passwords, API keys, .env values, login credentials, SSH keys, and other short-lived secrets.
What happens after the link expires?
The secret becomes inaccessible immediately after expiry. The encrypted data is then automatically removed by Firestore TTL, typically within 24 hours.
Is it free?
Yes. Basic one-time secret sharing is free and does not require an account.