Secret Sharing
Generate secure one-time links to share secrets with team members or external collaborators.
How It Works
- Select vault variables or upload a secret file and generate a link.
- The content is encrypted and stored with a cryptographically random token.
- Share the link URL with the recipient.
- The recipient visits the link, enters the password (if set), and views the secrets.
- Content is permanently deleted after the first access.
A link is destroyed after its first access or its expiry time, whichever comes first.
Creating a Shared Link
From Vault Variables
- In the Vault tab, select variables via checkboxes and click Share Selected.
- Optionally set a password and choose an expiry time (1 hour, 24 hours, 7 days, or custom).
- Click Generate Link and copy the URL.
From a File
Select Share File in the sharing interface, upload the file, configure options, and generate the link.
Expiry Options
| Option | Use case |
|---|---|
| 1 hour | Active collaboration, recipient is online now. |
| 24 hours | Default — gives the recipient a day. |
| 7 days | Recipient may not be available immediately. |
| Custom | Specific date and time. |
Recipient Experience
The recipient opens the link, enters the password if required (incorrect attempts do not consume the link), and views the decrypted content. After viewing, the content is permanently deleted and the link becomes invalid. The recipient should copy what they need before leaving the page.
Link Status and Audit Log
Track shared links from the project’s sharing interface:
| Status | Meaning |
|---|---|
| PENDING | Created but not yet accessed. |
| VIEWED | Recipient accessed the content. Content destroyed. |
| EXPIRED | Expiry time reached without access. Content destroyed. |
The audit log records creation, view, and expiry events with timestamps — actual secret values are never logged.