storage-p
All guides

Sharing secrets safely

There are two safe ways to hand a secret to someone: a one-time link, or an end-to-end delivery to another user. Neither exposes plaintext to the server.

One-time, burn-after-read links

  1. Open an item (or a folder) and choose Share → Link.
  2. Set a TTL in hours and a view limit, then create the link.
  3. Send the link over a trusted channel. The decryption key lives in the URL fragment (#…), which browsers never send to the server; after the last view the data can no longer be opened.

End-to-end sharing to a user

  1. Choose Share → user and enter the recipient’s email.
  2. The item is sealed to their public key (sealed-box, X25519) — only they can decrypt it.
  3. It appears in their Inbox; they can add it to their own vault.

The server only relays ciphertext; it never sees the shared content.

Revoke a share

Delete the share to stop it. One-time links also stop working automatically once the view limit or TTL is reached.