Share a secret with an encrypted link

✓ Encrypted in your browser  ·  0 bytes uploaded  ·  Verify in DevTools

Type a secret. Your browser encrypts it and packs it into a link. Send the link; it decrypts in the other person's browser. No server, no account.

🔐 AES-GCM 256 · Encrypted locally · Zero backend

Encrypted in your browser. AES-GCM 256, with a key generated locally.
Zero backend. The secret lives in the link — nothing is uploaded or stored.
No account. Free, and there's nothing to sign up for.

What this tool does

This tool encrypts a short secret — a password, an API key, a recovery code, a private note — entirely inside your browser, then packs the encrypted result into a shareable link. Everything needed to read it travels inside the link itself, so there is no server, no database, no account, and nothing is ever uploaded. The person you send it to opens the link and their browser decrypts it locally.

How to use it

  1. Type or paste your secret into the box.
  2. Press Encrypt & create link. Your browser generates a one-off AES-GCM key, encrypts the secret, and builds a link.
  3. Copy the link and send it to the person who needs it.
  4. They open it and click Reveal — the secret is decrypted in their browser.

How it works, and what stays private

The secret is encrypted with AES-GCM, a standard authenticated cipher, using a random 256-bit key generated in your browser. Both the encrypted text and the key are placed in the part of the link after the # — the URL fragment. Fragments are special: browsers never include them in network requests, so when the recipient opens the link, the key and ciphertext are handled locally and are never sent to this site or anyone else. We run no backend for this tool and store nothing.

Here's the honest trade-off: because the key rides inside the link, anyone who has the full link can read the secret. Treat the link itself as if it were the password. Send it through a channel you trust, and delete the message once the other person has it. Since nothing is stored on a server, deleting your messages genuinely removes every copy — there's no database record left behind.

What this version does and doesn't do

In about 20 years of IT support — at one point handling 400+ users a day across different countries — the most common way credentials leaked wasn't hacking. It was passwords pasted into permanent places: a new hire's login emailed and then forwarded around, the office Wi-Fi key sitting in a pinned chat message that every contractor since 2019 can still scroll back to, a database key dropped into a group channel "just for a minute." The reason that's dangerous is that those copies never get cleaned up. This tool helps with one specific part of the problem: the secret is never stored on any server, so the only copies that exist are the messages you sent — which means you can actually delete them and have nothing linger. The habit I'd pair with it: send the link, confirm the person got it, then delete it. And never post the link somewhere permanent, because the link is the secret.

— Hill, 20 years in IT support

Frequently asked questions

Does my secret get uploaded anywhere?

No. Encryption and decryption happen entirely in your browser, and the encrypted secret plus its key live in the link's # fragment, which browsers never send over the network. This site runs no backend for this tool and stores nothing.

Can the link self-destruct after one read?

Not in this version. Self-destruct and expiry require a server to delete the stored copy, and this tool deliberately has no server. The link stays readable until you delete the message that contains it — so delete it once the recipient has the secret.

Who can read the link?

Anyone who has the complete link, because the decryption key is part of it. Treat the link like the secret itself: share it through a channel you trust and don't post it anywhere public or permanent.

What should I use it for?

Short, sensitive things: a password, a Wi-Fi key, an API token, a recovery code, a brief note. It isn't designed for long text or file attachments.