Secure password sharing
Stop sharing passwords over Slack and email.
Every time a password lands in a chat thread or inbox, it leaves a trail. Cinderpass encrypts credentials in your browser and generates a one-time link that burns the moment it is opened — leaving no plaintext behind anywhere.
Share a password securely — no account needed →Passwords are encrypted with AES-256-GCM in your browser. The server stores ciphertext only. Even if the database were breached, there would be nothing readable.
The link works exactly once. The moment the recipient decrypts the password, the server permanently destroys the record. Opening it twice is impossible.
Create a secure password sharing link in seconds with no sign-up. Nothing is tied to your identity.
Add a passphrase for a second layer of protection. Send the link over one channel and the passphrase over another — even a compromised link cannot be decrypted without it.
Need someone to share a password with you? Create a secure request page and send them the link. They submit through an encrypted form — no back-and-forth in chat.
API keys, database passwords, SSH keys, recovery codes, two-factor backup codes — anything that should not live in a chat thread.
Common questions
Is Cinderpass safe for sharing passwords?
Yes. Passwords are encrypted with AES-256-GCM in your browser before transmission. The server never receives the plaintext or the decryption key. The key fragment is placed in the URL hash, which browsers do not send to servers. Only the recipient with the full link can decrypt.
What happens to the password after it is opened?
The server atomically marks the secret as destroyed the moment the link is opened. The ciphertext remains in the database but is permanently inaccessible — the decryption key was never stored server-side.
Can I use this to share passwords with external contractors?
Yes. The recipient needs no account. They open the link, enter a passphrase if one was set, and the password decrypts in their browser. Nothing is stored in their account or any shared system.
What is the difference between this and a password manager?
A password manager stores passwords for ongoing access. Cinderpass is for one-time handoff — getting a credential from one person to another without leaving a trace. Use a password manager to store credentials; use Cinderpass to share them during onboarding, handover, or incident response.
Is there a size limit on what I can share?
Secrets are capped at 48 KB of plaintext. This covers any password, API key, certificate, or private key.
How long does the link stay active?
You choose: 1 hour, 24 hours, or 7 days. The link expires automatically if not opened within that window.
Ready to stop sharing passwords over Slack?
Share a password securely — no account needed →