Share API Keys Without Leaving a Trace
API keys, tokens, and credentials are some of the most sensitive data in software. EncryptedNote lets you share them via a self-destructing one-time link — zero-knowledge encrypted, permanently deleted after access.
The Problem With Sharing Credentials in Chat
Most teams share API keys via Slack, email, or GitHub comments — all of which create a permanent, searchable record. A compromised Slack account or leaked email archive exposes credentials shared months ago.
- Slack message history persists indefinitely and is searchable by workspace admins
- GitHub PRs and comments are indexed by search engines
- Email is stored on multiple servers with unpredictable retention policies
- Copy-paste clipboard history can expose secrets to other apps
How to Share API Keys Safely
Client-side encryption before transmission
Your API key is encrypted in your browser using XChaCha20-Poly1305 — before it ever leaves your device. The server stores only ciphertext.
One-time link — expires after access
Generate a single-use link. Once your teammate opens it, the key is automatically and permanently deleted. The link becomes invalid immediately.
Zero-knowledge — we cannot decrypt your keys
The decryption key is embedded in the URL fragment — it never reaches our server. Even our infrastructure has zero ability to read what you shared.
Developer Use Cases
- Onboarding a new developer with production credentials
- Sharing a staging API key with a third-party contractor
- Rotating credentials and distributing the new key to the team
- Giving temporary database access to an external auditor
- Sharing a deploy key without it appearing in Slack history
Secure Mode for Extra Protection
Use Secure Mode to require a separate decryption password. Share the link via Slack and the password via SMS — even if Slack is compromised, the key remains safe without the second factor.