send-secret

Stop sharing secrets through Slack, email, and text messages.

P2P encrypted secret sharing. No servers. No accounts. No trust required.

Install • Why • Usage • Security • Support

---

The Problem

Every day, developers share API keys, database credentials, and secrets through:

• Slack DMs — stored forever on Slack's servers
• Email — sitting in inboxes indefinitely
• Text messages — backed up to iCloud, Google, carrier logs
• Notion/Docs — accessible to anyone with the link
• .env files in repos — we've all seen it

These secrets persist. They get indexed. They get breached.

The Solution

send-secret creates a one-time, encrypted link that self-destructs after viewing.

$ echo "sk_live_abc123" | npx send-secret

• Zero trust — Your machine encrypts the secret. The key never leaves the URL fragment.
• Zero persistence — Deleted from memory the moment it's viewed. Nothing stored anywhere.
• Zero accounts — No signups, no logins, no third-party services holding your secrets.
• Zero install — Works with npx. No dependencies to audit.

---

Install

npm i -g send-secret

Or use without installing:

npx send-secret

---

VS Code Extension

Share secrets directly from your editor:

ext install danwag06.send-secret

Or search "send-secret" in the VS Code extensions marketplace.

Right-click any file or selection → Send Secret → link copied to clipboard.

---

AI Coding Agents

Use send-secret with Claude Code, Cursor, Codex, and other AI coding agents.

Install Skills

npx add-skill danwag06/send-secret

This installs skills that let AI agents help you share secrets without the agent ever seeing the secret content:

Skill	Description
send-secret-file	Send files by path (agent never reads content)
receive-secret	Receive secrets to files (saves with -o, never displays)
send-secret-clipboard	Share clipboard contents (macOS - agent never sees clipboard)

Security Model

The skills are designed so secrets never enter the agent's context:

• Files are sent by path only — agent runs send-secret ./file.json without reading the file
• Secrets are received to files — agent always uses -o flag to save, never displays in terminal
• Clipboard is piped directly — pbpaste | send-secret bypasses agent context entirely

Example Usage

Ask your AI agent:

• "Send my .env file securely to my teammate"
• "Receive this secret: https://xyz.trycloudflare.com/s/abc#key=..."
• "Share what I copied to my clipboard securely"

---

Usage

Send a text secret

$ send-secret
Enter secret, press Enter, then Ctrl+D:
sk_live_abc123xyz
^D
○ Encrypting (18 B)
✔ Tunnel ready

╭ Share this link ─────────────────────────────────────────────────────────────╮
│ https://abc123.trycloudflare.com/s/x7k2m#key=9f86d081884c7d659a2feaa0c       │
╰──────────────────────────────────────────────────────────────────────────────╯
  Keep terminal open until received
  Recipient can also run: npx send-secret -r <link>

◐ Waiting for receiver...
✔ Retrieved from 73.162.45.99

Send a file

$ send-secret ./credentials.json

○ Encrypting credentials.json (4.2 KB)
✔ Tunnel ready

╭ Share this link ─────────────────────────────────────────────────────────────╮
│ https://abc123.trycloudflare.com/s/x7k2m#key=9f86d081884c7d659a2feaa0c       │
╰──────────────────────────────────────────────────────────────────────────────╯
  Keep terminal open until received
  Recipient can also run: npx send-secret -r <link>

◐ Waiting for receiver...
✔ Retrieved from 73.162.45.99

Send via pipe

$ cat .env | send-secret

$ echo "secret_token" | send-secret

$ pbpaste | send-secret

Auto-destruct timeout

Set an expiration time for undelivered secrets:

$ send-secret -t 300 ./secret.txt    # Expires in 5 minutes
$ send-secret --timeout 60           # Expires in 60 seconds

◐ Waiting for receiver... (expires in 4m 32s)

If the receiver doesn't retrieve the secret before the timeout, it's automatically deleted.

Multiple recipients

Share with multiple people using a single link:

$ send-secret -n 3 ./credentials.json    # Allow 3 views
$ send-secret -n 5 -t 300 ./secret.txt   # 5 views OR 5 minutes

◐ Waiting for receivers... (0/3)
✔ Retrieved (1/3) from 73.162.45.99
✔ Retrieved (2/3) from 98.45.123.12
✔ Retrieved (3/3) from 73.162.45.99 — All delivered