Secrets that vanish
after they're read.
Share passwords, API keys, and sensitive data via a one-time encrypted link. It self-destructs after reading — nothing lingers in inboxes or chat logs.
No credit card required. Available on all plans including Free.
Someone sent you a secret
This secret will be revealed once and then permanently deleted. Make sure you're ready to save the contents.
Simple. Secure. Gone.
Three steps from typing your secret to it vanishing without a trace.
Write your secret
Type or paste your password, API key, or any sensitive text. Add an optional passphrase for extra protection. Set an expiry time and view limit.
Share the link
Copy the one-time link and send it through any channel — email, Slack, SMS. The secret itself never travels over those channels, only the link does.
It self-destructs
The recipient opens the link, reveals the secret, and it's immediately and permanently deleted. No copies, no logs, no trace.
Built for secrets that matter
Every protection you'd want, none of the complexity.
AES-256 Encryption
Every secret is encrypted before it hits the database. The payload is never stored in plain text — not even database administrators can read it.
Passphrase Lock
Add an optional passphrase that the recipient must enter before viewing. The passphrase is hashed with bcrypt — we never store it in recoverable form.
Time-Based Expiry
Set the link to expire anywhere from 15 minutes to 3 months. When the clock runs out, the secret is permanently deleted — even if it was never opened.
View-Count Limit
Restrict how many times the secret can be revealed, from a single read-once view up to 100 views. The link auto-expires once the limit is reached.
Auto-Delete on Read
Enable one-and-done mode: the secret is permanently wiped the moment it's first revealed. Zero risk of someone stumbling on it later.
Viewer-Deletable
Optionally allow the recipient to delete the secret themselves after reading, giving them control over when it disappears.
History & Audit Trail
Track all secrets you've sent — active, expired, or deleted — from your dashboard. See view counts and expiry progress at a glance.
1-Click Reveal
Skip the confirmation step with the one-click reveal option. The recipient lands on the secret immediately, ideal for time-sensitive handoffs.
Throttle Protection
Reveal endpoints are rate-limited to block brute-force passphrase attacks. Repeated attempts from the same IP are automatically rejected.
What teams use it for
Any time you'd normally paste a sensitive value into chat or email — use Secret Push instead.
Onboarding credentials
Share temporary passwords, SSH keys, or account logins with new hires securely. The link expires after they've logged in and changed their password.
API key handoff
Send production API keys to contractors or clients without risking them being forwarded, archived, or leaked from email.
Payment details
Share card numbers, bank account details, or billing credentials with your accountant without them sitting in a chat log indefinitely.
Server access
Deliver database passwords, VPN credentials, or server root access safely during an incident. Auto-delete once the team is in.
License keys & codes
Send software license keys or 2FA backup codes that can only be retrieved once — preventing re-use or unauthorized access.
Client handover
Deliver final project credentials, admin passwords, and access tokens at the end of an engagement without leaving a paper trail.
Why not just use Slack or email?
Here's what happens to a secret you paste into a chat message.
| Channel | Encrypted | Auto-deletes | Expiry control | View tracking |
|---|---|---|---|---|
| Secret Push | ||||
| Slack / Teams | ||||
| SMS |
Frequently asked questions
Why is secret scanning important for developers?
Secret scanning helps developers identify exposed credentials, API keys, and sensitive information before hackers can misuse them, improving overall application security.
Can secret scanning reduce cybersecurity risks?
Yes, automated secret scanning significantly reduces the risk of unauthorized access, data breaches, and credential theft.
Is secret push protection useful for enterprises?
Enterprise organizations use secret push protection to secure large-scale development environments, maintain compliance, and protect critical infrastructure.
How does secret push improve DevSecOps security?
Secret push protection adds an extra layer of DevSecOps security by preventing sensitive data exposure during the development lifecycle.
What types of secrets can be detected automatically?
Modern secret detection systems can identify:
- API keys
- OAuth tokens
- SSH keys
- Database credentials
- Cloud access keys
- Authentication secrets
- Environment variables
How to prevent API key leaks in Git repositories?
Developers can prevent API key leaks by using secret push protection, encrypted environment variables, access controls, and automated secret detection systems.
Stop texting passwords.
Create your first secret link in under 30 seconds. Free forever, no card needed.