🗝️ guides
One-Time Secrets: The Safer Way to Share a Password
By ShareNimbus Editorial · Reviewed & edited by Franklin Brown ·July 4, 2026
Where Shared Passwords Actually Go
When you paste a password into a chat message or an email, you are not sending it once - you are copying it into every system that touches the message. The recipient’s inbox keeps it. Your sent folder keeps it. Search indexes, message archives, mobile backups, and any compliance retention system all keep it too. The credential you meant to share for five minutes is now sitting, in plaintext, in a dozen places that will hold onto it for years.
That is the quiet risk of ad-hoc credential sharing: the secret outlives its usefulness and multiplies across storage you do not control.
What a One-Time Secret Does Differently
A one-time secret is a private note shared through a link that works exactly once. You type the secret, get a URL, and send it. The first person to open that URL sees the secret - and in the same moment, it is permanently destroyed. Anyone who opens the link afterward gets an expired page.
With One-Time Secret, the text is encrypted with AES-256-GCM before it is stored, so what sits on disk is ciphertext, not your password. The instant the link is viewed, that ciphertext is deleted. If nobody opens it, it still self-destructs when the expiry you chose runs out. Either way, the secret exists in exactly one place, for one view, for a limited time.
A Clean Hand-Off, Step by Step
- Type or paste the secret - a password, an API key, a recovery code, a short private note.
- Keep “destroy after first view” on for a true one-time link, and pick a short expiry.
- Add a password if the recipient’s link might travel through a channel you do not fully trust.
- Send the link, and if you set a password, send it through a different app or a phone call.
Splitting the link and the password across two channels is the single most effective habit here. A leaked link is useless without the password, and a leaked password is useless without the link.
When to Reach for This Instead of a Vault
Shared password managers are the right tool for standing, ongoing access - the credentials a team uses every day. But they are heavy for a one-off. Onboarding a contractor who is not in your vault, sending a teammate a temporary database password, or passing a recovery code to a family member are all moments where you want the secret to exist briefly and then disappear, not to become a permanent vault entry someone has to remember to revoke later.
A one-time secret is built for exactly that: read once, by one person, then gone.
Files Follow the Same Rule
The same logic applies to documents. If you need to hand off a file rather than a line of text, Secure File Share gives you an expiring link with an optional password and one-time download for files up to 25 MB. Whether it is a secret or a file, the goal is the same - share it, let the recipient use it, and leave no permanent copy behind.
Try the tools from this article
Our articles are drafted with AI assistance and reviewed, fact-checked, and edited by a human editor before publishing.