Securely send and receive sensitive information

Share passwords, API keys and confidential files via links that self-destruct after one view.

AES-256-GCM
Zero-knowledge
EU hosted
Trusted since 2016

Copy

Created a new secret with ID . It can be viewed using the link above.

Create new

QR code

You can also use the QR code above to share the link.

Create a one-time link Your secret is encrypted in this browser before it leaves.

Error

Validation error

Please fix the following error:

Limit for new secrets reached.

You have reached your limit for new secrets. Please try again later.

Registered users have access to all our features and can also create more secrets.

Length exceeded, please use a shorter secret.

Create an account (it's free, no credit card required) to access all features like attachments, branding and notifications.

One-time links for total security

Send

Create a link, share your secret, and the link self-destructs after a single view. Ideal for credentials, contracts, or any private detail.

Receive

Send someone a Secret Request and they'll reply through a one-time link only you can open. Perfect for collecting credentials or documents from clients.

Chat

Start an end-to-end encrypted chat that disappears the moment you close it. Great for sensitive negotiations or one-off private conversations.

Trusted by teams at

Features

One-time links for secure data sharing

Share passwords and other confidential data - along with files - with self-destructing one-time links. There are several settings which you can configure for each link like expiration time, password and CAPTCHA. You can also set how many times the link can be opened.

Request sensitive data with a Secret Request link

Create a Secret Request link for securely requesting sensitive data from your clients and users. It works the same way as sharing data with a one-time link, except that the end result is that you will receive the one-time link containing the data you have requested.

Create links from a CSV file

With our Bulk Secrets feature, you can easily create lots of one-time links from a CSV file. The CSV file parsing is performed in the browser, making sure that we don't have access to any of the data it contains.

Teams

We also have features designed for team collaboration and integration. Create separate accounts for team members, manage settings centrally, and ensure secure access with single sign-on (SSO).

Notifications

Stay up-to-date of all updates with our handy notification system. Notifications, triggered when a link is created, viewed, or has expired, can be sent via email, Slack messages, or webhooks for easy integration with external systems.

API

Our simple REST API can be used to integrate Password.link into any application. It also makes it possible to encrypt and decrypt the sensitive information outside of our service for maximum security and peace of mind.

Branding

Remove all Password.link branding and present a fully white-labeled experience to your users.

Custom domain

Serve the product on your own domain — either a password.link subdomain or a fully custom one — for a seamless brand experience.

Geo-blocking

The geo-blocking feature provides an added layer of security, ensuring that sensitive information is accessed only from locations you authorize. Whether it's a single country or multiple regions, the geo-blocking functionality will safeguard your secrets by blocking unauthorized access attempts.

IP and email whitelisting

Restrict access to approved IP ranges (CIDR) or email domains for fine-grained control over who can open a secret.

Secure chats with one-time links

Have a quick, end-to-end encrypted conversation — no account or app required.

Only the original participants can join, and the chat is destroyed the moment it's closed.

Key features:

End-to-end encryption: Every message is encrypted with AES-256-GCM. Encryption and decryption happen directly in your browser — we never see plain text.
Private and temporary: The encryption key lives only in the participants' browsers and is never stored on our servers.
No data retention: We prioritize your privacy by not logging, storing, or having the ability to decrypt any of your messages.

Ideal for IT teams of all sizes

A common scenario: you need to send credentials over email or Slack. But how can you be sure they're not intercepted, or know when and by whom they were viewed?

Password.link solves this with one-time, encrypted links — plus notifications, attachments, secret requests, white-labeling and a REST API for everything above.

Developed with standard, security-proven technologies

Because our service runs partly in the browser, security is paramount. We use only industry-standard, security-proven technologies — including AES-256-GCM encryption — and follow security best practices throughout development.

Always encrypted communications

Our service operates exclusively over HTTPS to ensure all communications are encrypted. This is crucial for maintaining the confidentiality and integrity of the data transmitted between the browser and our servers.

Advanced security measures

We implement advanced security technologies, such as Content Security Policy, Strict Transport Security, and Secure Cookies, alongside our unique encryption process to safeguard against both known and emerging security threats.

Encryption at rest and in transit

All data stored in our databases is encrypted at rest, providing an additional layer of security. Similarly, the encryption process begins in the browser, ensuring data is encrypted before it is even transmitted.

Unique one-time link generation process

When creating a new one-time link for a secret, two 18-character long random strings are generated in the browser as public and private encryption key parts. The secret is encrypted using these key parts, with the encrypted secret and the private part sent to our backend. This process ensures that full encryption data is never fully accessible, requiring both the link and database information to decrypt the secret.

No external JavaScript

To prevent the injection of malicious scripts, our service does not load any external JavaScript on pages that handle secrets.

No logging of sensitive data

Our logging strategy is designed to minimize data collection, ensuring no sensitive information is ever recorded. This includes not seeing or logging the public encryption key part, as it's stored in the link using a fragment identifier that the browser doesn't transmit to servers.

Secure password sharing since 2016.

10+

years in production

AES‑256

GCM encryption

EU

hosted & GDPR-compliant

100%

client-side encrypted

Since 2016 we've built Password.link into a leading tool for transmitting confidential information among IT companies worldwide. Our commitment to continuous improvement is driven by one core principle: keep it simple and secure.

Ready to share securely?

Create a free account to unlock attachments, notifications, the API, custom branding and more — no credit card required.

Create a free account See plans