Share a secret
How to use this safely
- The link is the credential. Anyone who gets the URL can view the secret up to the view limit, until it expires.
- Send the link out-of-band. Share it through a different channel than the one that needs the secret (e.g. send the link in Teams, the password it unlocks goes somewhere else).
- Pick the shortest TTL you can. Minutes, not days, if the recipient is ready to receive it.
- Use Maximum views = 1 unless you specifically need more. Once consumed, the link is unusable.
- Restrict by IP when the recipient is on a known network (campus, VPN). Anyone outside the allowlist gets a 403 even with the link.
- Don't reuse links. If you suspect a link was exposed, create a new one and rotate the underlying secret if possible.
- Storage is ephemeral. Secrets live only in this service's memory and are not written to any database or log. A restart will invalidate outstanding links — just create a new one.