One-time secret links
Create a one-time secret link for short-lived sensitive handoffs.
Use iKrypt to share passwords, API keys, tokens, .env values, and temporary credentials through encrypted links that expire after a view limit or time limit. No account required.
iKrypt is for temporary handoffs, not long-term secret storage. Use a password manager or secrets manager for permanent access control.
Shorter exposure window
Instead of leaving a secret in a permanent message thread, you can set a short expiry and view limit.
Cleaner than plain text
A one-time link is safer than pasting the secret directly into email, chat, or a ticket.
No account friction
Create a temporary encrypted handoff without inviting users, creating a workspace, or setting up a vault.
What makes a secret link “one-time”?
A one-time secret link is designed for a short lifecycle. Instead of putting the secret directly into a message, you create a link that can be opened only within the limits you choose.
With iKrypt, the secret is encrypted in your browser before upload. The server stores encrypted ciphertext and enforces the view limit and expiry. The decryption key stays in the URL fragment, after the # symbol.
This is useful when someone needs one sensitive value, but you do not want that value sitting permanently in email, chat, a shared doc, or a ticket.
Good for
Workflow
How a one-time secret link works
The goal is simple: create a short-lived encrypted handoff without storing the secret as plain text on the server.
Paste the secret
Add the password, API key, credential, token, or short sensitive note you need to share.
Encrypt in the browser
iKrypt encrypts the secret locally before upload. The server receives encrypted ciphertext.
Share the link
Send the generated link to the intended recipient through your chosen channel.
Let it expire
The secret becomes inaccessible after the view limit or expiry time is reached.
Best use cases
One-time links are best when a secret is needed briefly, by one intended person or a small group, and should not remain available forever.
Client handoff
Send a temporary login, admin password, or setup credential to a client without putting it directly in email.
Developer setup
Share one token, webhook secret, or config value needed to complete an integration.
Freelancer access
Give a contractor one short-lived credential without adding it to a permanent document.
Support workflow
Pass a temporary code or credential to someone helping with setup or debugging.
Not meant for
iKrypt is intentionally small. It is not trying to replace your long-term credential systems.
- Long-term password storage
- Team access management
- CI/CD secret storage
- Permanent credential backup
- Replacing a password manager
- Replacing a cloud secrets manager
How to use one-time secret links safely
- Use one-view access when the recipient only needs to read the secret once.
- Choose the shortest expiry time that still gives the recipient enough time.
- Share the full link only with the intended recipient.
- Treat the part after # as sensitive because it contains the decryption key.
- Rotate important passwords or API keys after temporary access is no longer needed.
- Use a password manager or secrets manager for long-term storage.
What a one-time link cannot protect against
A one-time encrypted link reduces exposure in the sharing process. It does not control what happens on the sender's or recipient's device.
- A compromised sender or recipient device
- Malicious browser extensions reading page content
- Someone forwarding the full link including the key after #
- Screenshots or copy/paste after the secret is revealed
- A recipient intentionally saving or resharing the secret
Related guides
More secure sharing workflows
Share a password securely
Use a one-time encrypted link instead of pasting passwords into email or chat.
Send an API key securely
Share API keys, tokens, and webhook secrets without leaving them in tickets or DMs.
Share .env values securely
Send specific environment variables without forwarding a full plaintext .env file.
Frequently asked questions
What is a one-time secret link?
A one-time secret link is a temporary link for sharing sensitive text such as a password, API key, token, or login credential. It becomes inaccessible after its configured view limit or expiry time.
Can iKrypt read the secret?
No. The secret is encrypted in your browser before upload. iKrypt stores encrypted ciphertext only, and the decryption key stays in the URL fragment after #.
Is the full link sensitive?
Yes. Treat the complete link as sensitive. Anyone with the full link, including the part after #, may be able to decrypt the secret until it expires or reaches its view limit.
What happens after the final view?
When the final allowed view is consumed, the encrypted record is deleted as part of the server-side transaction. After that, the secret is no longer available.
What happens after expiry?
After expiry, the API blocks access immediately. Expired encrypted records are removed automatically by Firestore TTL, typically within 24 hours.
Is iKrypt a password manager or secrets manager?
No. iKrypt is for temporary encrypted handoffs. Use a password manager, vault, or cloud secrets manager for long-term storage and access control.
Create a one-time secret
Send a short-lived secret without leaving it in message history forever.
Create an encrypted link for a password, API key, token, .env value, or temporary credential. No account required.