1Password manages your team's vault. VoidNote handles what goes outside it.
1Password Teams is excellent for managing credentials your team needs ongoing access to. But secrets that need to cross organisational boundaries — to contractors, clients, AI agents, or CI systems — still end up in Slack or email. VoidNote is built for that moment: a zero-knowledge link that delivers the secret once and then permanently ceases to exist.
The boundary problem
1Password's guest accounts and item sharing work within the 1Password ecosystem. The moment the recipient is outside that ecosystem — a freelancer, a client, a GitHub Actions runner, a Claude Code agent — the workflow breaks down and the secret goes through a chat app.
External contractor access
1Password guest accounts require an invitation and Bitwarden-style onboarding. For a one-week contractor, this is overhead — and it leaves credentials in their vault after they leave.
Client credential delivery
Sharing an item link from 1Password requires the client to accept an invitation. Most clients won't — the secret goes via email instead.
CI/CD and automation
1Password CLI (op) works for your own pipelines, but delivering a secret to a third-party runner or bootstrapping a fresh environment still requires out-of-band delivery.
AI agent provisioning
Pasting a 1Password secret reference into an AI agent's context requires the agent to have op access. A VoidNote link requires nothing — the agent reads it once and it's gone.
What about 1Password's "Psst!" link sharing?
1Password has a feature called Psst! (Portable Secure Sharing Tool) that generates a shareable link for individual vault items. It's a step in the right direction, but with important limitations:
- ·Server-side decryption: 1Password holds the key needed to decrypt the shared item — the link doesn't embed the key client-side. 1Password can read everything shared via Psst!
- ·Requires 1Password Teams: Psst! is a paid feature. The recipient doesn't need an account, but the sender needs a Teams subscription.
- ·Not zero-knowledge: The decryption happens server-side. VoidNote's key never reaches the server — verified via DevTools in 30 seconds.
- ✓VoidNote: Client-side AES-256-GCM. Key in URL fragment. Server holds only ciphertext. Self-destructs on read. Free to start.
Feature comparison
| Feature | 1Password | 1Password Psst! | VoidNote |
|---|---|---|---|
| Zero-knowledge (server blind) | No | No | Yes |
| Client-side encryption | Yes | No — server decrypts | Yes — AES-256-GCM |
| Self-destructs after read | No | Optional | Yes — always |
| Recipient needs account | Yes | No | No |
| Requires paid plan | Yes | Yes (Teams) | No — free tier available |
| CLI & SDK | Yes (op) | No | Yes — 6 languages |
| External recipient support | Via guest accounts | Yes | Yes — any browser |
| Anonymous use | No | No | Yes |
For everything that goes outside the vault
True zero-knowledge. No recipient account. No server-side key. Self-destructs on read.