VaultLink homeVaultLink logo
Language
Secure password sharing

Securely sharing secrets client side

The fastest way to hand over credentials without giving up control.

VaultLink encrypts every secret inside the browser, splits the key from the data, and cleans the vault the moment your instructions are fulfilled.

Client-side AES-GCMSOC 2 In MotionKeyless backend

Product highlights

Client-side AES-256-GCM

Secrets are encrypted in your browser with a one-time key. VaultLink stores ciphertext and IV, never plaintext.

Self-destruct controls

Define TTLs and view limits so sensitive payloads evaporate right after their purpose is served.

Simple, clear sharing

Send a link, control expiry and views, and give recipients clear status feedback at each step.

Create a VaultLink

Encrypt & ship credentials in one motion

Your payload never leaves the browser unprotected. Configure expiration and view limits with confidence.

Add a pass phrase

Workflow

How VaultLink moves a secret across the table

Fast handoff in under 30 seconds with privacy-safe status tracking and no shared passwords in chat histories.

01

Paste a secret

VaultLink encrypts on-device using a fresh key derived from your browser entropy.

02

Share the link

We store the ciphertext only. The decryption key stays in your URL fragment for recipients only.

03

Auto cleanup

Once the link expires or hits view limits, the payload is purged forever from VaultLink edge storage.

Secure password sharing controls

Built for PCI DSS, SOC 2, ISO 27001, and GDPR workflows

VaultLink helps teams share passwords and credentials with clear trust boundaries. Ciphertext is stored server-side, while decryption material stays client-side in the URL fragment. One-time links, configurable TTL, and max-view controls support data minimization and access-control policies used in regulated environments.

Separation of duties
Ciphertext and key are split
Retention controls
Configurable TTL and max views
Ephemeral access
One-time reveal with auto-expiry

Region-pinned edge

All data sits in a hardened EU region with encrypted Redis storage and automatic shredding.

Browser CSPRNG

Key and IV generation use Web Crypto (`crypto.getRandomValues`) in supported browsers.

Reveal status telemetry

Optional, privacy-safe events track create and reveal outcomes with masked paths after consent.

We use one consent cookie and optional analytics storage. Accept enables privacy-safe GA4 metrics with masked paths; reject keeps analytics disabled.