About One-Time Secret

One-Time Secret is an open-source project created by Delano Mandelbaum as a way to share sensitive information that's both simple and secure. All of the code is open-source and available on Github.

F.A.Q.

Why would I use this?

When you send people passwords and private links via email or chat, there are copies of that information stored in many places. If you use a one-time link instead, the information persists for a single viewing which means it can't be read by someone else later. This allows you to send sensitive information in a safe way knowing it's seen by one person only. Think of it like a self-destructing message.

Why can't I send pictures or other kinds of files?

The challenge with sending files, images in particular, is that there's no way to absolutely guarantee it wasn't copied or shared with other people. In order to ensure that no one's private information is unknowingly shared, we decided to err on the side of simplicity.

But I can copy the secret text. What's the difference?

True but all you have is text. With images and other files types, they can contain metadata and other potentially revealing information about who the sender or recipient. Again, this is simply to ensure that no private information is shared outside of the intended recipient.

Can I retrieve a secret that has already been shared?

Nope. We display it once and then delete it. After that it's gone forever.

How long do you keep non-viewed secrets?

We keep secrets for up to 7 days. After that they are deleted automatically and gone forever. (Note: by the time you read a secret, it's already deleted from our servers.)

What is the maximum message size?

The maximum size is 100KB.

Why should I trust you?

If you include a passphrase (available under "Privacy Options"), we use it to encrypt the secret. We don't store the passphrase (only a bcrypted hash) so we can never know what the secret is because we can't decrypt it.

Beside all that, the code is open-source so you can review the code and/or run your own instance.