One-time secret links

Create a one-time secret link for short-lived sensitive handoffs.

Use iKrypt to share passwords, API keys, tokens, .env values, and temporary credentials through encrypted links that expire after a view limit or time limit. No account required.

iKrypt is for temporary handoffs, not long-term secret storage. Use a password manager or secrets manager for permanent access control.

Shorter exposure window

Instead of leaving a secret in a permanent message thread, you can set a short expiry and view limit.

Cleaner than plain text

A one-time link is safer than pasting the secret directly into email, chat, or a ticket.

No account friction

Create a temporary encrypted handoff without inviting users, creating a workspace, or setting up a vault.

What makes a secret link “one-time”?

A one-time secret link is designed for a short lifecycle. Instead of putting the secret directly into a message, you create a link that can be opened only within the limits you choose.

With iKrypt, the secret is encrypted in your browser before upload. The server stores encrypted ciphertext and enforces the view limit and expiry. The decryption key stays in the URL fragment, after the # symbol.

This is useful when someone needs one sensitive value, but you do not want that value sitting permanently in email, chat, a shared doc, or a ticket.

Good for

Passwords
API keys
.env values
Webhook secrets
Login credentials
Temporary access tokens
Recovery codes
Private setup notes

Workflow

How a one-time secret link works

The goal is simple: create a short-lived encrypted handoff without storing the secret as plain text on the server.

01

Paste the secret

Add the password, API key, credential, token, or short sensitive note you need to share.

02

Encrypt in the browser

iKrypt encrypts the secret locally before upload. The server receives encrypted ciphertext.

03

Share the link

Send the generated link to the intended recipient through your chosen channel.

04

Let it expire

The secret becomes inaccessible after the view limit or expiry time is reached.

Best use cases

One-time links are best when a secret is needed briefly, by one intended person or a small group, and should not remain available forever.

Client handoff

Send a temporary login, admin password, or setup credential to a client without putting it directly in email.

Developer setup

Share one token, webhook secret, or config value needed to complete an integration.

Freelancer access

Give a contractor one short-lived credential without adding it to a permanent document.

Support workflow

Pass a temporary code or credential to someone helping with setup or debugging.

Not meant for

iKrypt is intentionally small. It is not trying to replace your long-term credential systems.

  • Long-term password storage
  • Team access management
  • CI/CD secret storage
  • Permanent credential backup
  • Replacing a password manager
  • Replacing a cloud secrets manager

How to use one-time secret links safely

  • Use one-view access when the recipient only needs to read the secret once.
  • Choose the shortest expiry time that still gives the recipient enough time.
  • Share the full link only with the intended recipient.
  • Treat the part after # as sensitive because it contains the decryption key.
  • Rotate important passwords or API keys after temporary access is no longer needed.
  • Use a password manager or secrets manager for long-term storage.

What a one-time link cannot protect against

A one-time encrypted link reduces exposure in the sharing process. It does not control what happens on the sender's or recipient's device.

  • A compromised sender or recipient device
  • Malicious browser extensions reading page content
  • Someone forwarding the full link including the key after #
  • Screenshots or copy/paste after the secret is revealed
  • A recipient intentionally saving or resharing the secret

Related guides

More secure sharing workflows

Frequently asked questions

What is a one-time secret link?

A one-time secret link is a temporary link for sharing sensitive text such as a password, API key, token, or login credential. It becomes inaccessible after its configured view limit or expiry time.

Can iKrypt read the secret?

No. The secret is encrypted in your browser before upload. iKrypt stores encrypted ciphertext only, and the decryption key stays in the URL fragment after #.

Is the full link sensitive?

Yes. Treat the complete link as sensitive. Anyone with the full link, including the part after #, may be able to decrypt the secret until it expires or reaches its view limit.

What happens after the final view?

When the final allowed view is consumed, the encrypted record is deleted as part of the server-side transaction. After that, the secret is no longer available.

What happens after expiry?

After expiry, the API blocks access immediately. Expired encrypted records are removed automatically by Firestore TTL, typically within 24 hours.

Is iKrypt a password manager or secrets manager?

No. iKrypt is for temporary encrypted handoffs. Use a password manager, vault, or cloud secrets manager for long-term storage and access control.

Create a one-time secret

Send a short-lived secret without leaving it in message history forever.

Create an encrypted link for a password, API key, token, .env value, or temporary credential. No account required.