Zero-knowledge · Single-use · Self-destructing
How to send a password securely
Create an encrypted link. Share it. The password self-destructs the moment it's read. No trace in chat history, no server logs, no recovery.
Why the obvious methods are a problem
Slack / Teams message
Stored permanently in both users' chat history, searchable by workspace admins, accessible to third-party integrations, and retained in audit logs. Deleting the message doesn't remove it from Slack's servers or existing logs.
Lives in sent items on your end and inbox on theirs — indexed, searchable, and replicated across every device they use. Breaching either email account exposes the password days, months, or years later.
Google Doc / Notion
Stored in plaintext. Edit history means even 'deleted' content is recoverable. Anyone with the doc link or workspace access can read it. Sharing permissions are easy to misconfigure.
WhatsApp / iMessage
Messages are retained on both devices, backed up to iCloud or Google Drive (often in plaintext), and synced across linked devices. Expiring messages only reduce the window — they don't guarantee destruction.
The secure way: a self-destructing encrypted link
A single-use encrypted link works like a sealed envelope that incinerates itself the moment it's opened. The password exists in transit for seconds. Once read, the link stops working — permanently.
- 1
Type the password into VoidNote
Paste the password, API key, or credentials. Optionally add a second-factor password that the recipient must also know — share that through a separate channel (phone call, in person) for maximum security.
- 2
Your browser encrypts it before sending
AES-256-GCM encryption runs in your browser. The decryption key is embedded in the URL fragment — a part of the URL that is never sent to the server. VoidNote's servers receive only ciphertext they cannot decrypt.
- 3
Paste the link into Slack, email, or anywhere
The link itself is safe to send over any channel — it contains only a reference to an encrypted blob. The key lives in the fragment, never in a server log. When your recipient clicks it, their browser decrypts the password locally and the note is immediately destroyed.
How methods compare
| Method | Encrypted in transit | Server sees plaintext | Leaves permanent record |
|---|---|---|---|
| Slack | Yes (TLS) | Yes | Yes |
| Sometimes | Yes | Yes | |
| iMessage | Yes (E2E) | No | Yes — on device |
| Password manager share | Yes | Yes | Until revoked |
| VoidNote | Yes (AES-256-GCM) | Never | Destroyed on read |
Automating secure password delivery
Need to deliver secrets programmatically — to a CI runner, an AI agent, or an onboarding script? Use the CLI or SDK. The recipient reads the note once; it self-destructs. No secrets in config files, no plaintext in logs.
# Create a self-destructing note from the command line
echo "db-password-here" | voidnote create --api-key vn_... --views 1 --quiet
https://voidnote.net/note/a1b2c3…
# Recipient fetches it — note is immediately destroyed
voidnote read https://voidnote.net/note/a1b2c3…
db-password-here
# note destroyed — link is dead
Frequently asked questions
What if the recipient never opens the link?
Notes automatically expire after 24 hours — or whatever maximum lifetime you set. After that, the encrypted record is permanently deleted, whether it was read or not.
Can I include more than just a password?
Yes. You can include usernames, hostnames, ports, database names, API endpoints — anything. For sending a full set of environment variables at once, create a note with all of them or use Void Stream to pipe a batch of secrets through a live encrypted channel.
What if the link is intercepted?
If an attacker intercepts the link and opens it first, your recipient gets an error — the note is gone. This tells you the channel is compromised. Rotate the credential and send a fresh note. For high-sensitivity secrets, add a second-factor password (shared out of band) so the link alone is useless without it.
Do I need an account?
No account needed to create and share a note. Register for free to get 5 credits and track your note history (metadata only — we never store content).
Send your first password securely
Takes 10 seconds. No account required. Nothing stored in plaintext — ever.