🚀

Securely share secrets that self-destruct

Send passwords and other sensitive information with links that vanish after they are viewed.

Encrypted in your browser
Generate secret link
See how it works ↓

How Secret.Broker works

🔒

1. Encrypt your secret

Type your sensitive information. It is encrypted instantly in your browser before leaving your device.

🔗

2. Share the unique link

We generate a secure, Self-destructing link for you to copy and send to your recipient.

💥

3. Self-destruct

Once the secure link's view quota is reached, the secret is permanently erased from our servers.

How we keep your secrets safe

Security Overview

  • Client-side encryption: Your secret is encrypted in your browser.
  • Zero knowledge: We never see your decryption key. It's part of the link, which we don't store.
  • Self-destruct: Secrets are deleted immediately after their view quota is reached, or when they expire.

Technical Details

We use libsodium for client-side cryptographic operations, ensuring modern cryptographic standards.

  • Algorithm: XChaCha20-Poly1305 (Enhanced resistance to nonce reuse)
  • Transport: TLS 1.2+ / HTTPS
  • Storage: Encrypted at rest (double encryption)
  • Primary Secret Encryption Keys: Generated locally, never sent to server

Frequently asked questions

The secret is decrypted in their browser. Once the view quota is reached, the secret is permanently erased from our servers. The link will not work beyond the view quota.

You can set an expiry time (e.g., 24 hours). If not viewed by then, it is automatically deleted.

No. The decryption key is contained in the link you share (after the #). We never receive this part of the URL, so we cannot decrypt your data.