Securely Share Your Secrets
Encrypt sensitive information and share it via a secure, self-destructing link.
Retrieve Secret
Enter the link or token to open a secret.
Why Sgalinski Share?
The most secure way to share confidential information with others.
End-to-End Security
Your data is encrypted with a modern algorithm before it reaches the database.
Time Limit
Secrets are automatically deleted after up to 12 weeks or immediately after the first read.
Password Protection
Additional security through an optional password for each secret.
How Sgalinski Share works
Three simple steps to a secure one-time link – no registration required.
1. Enter your secret
Enter your password, API key or any other confidential information into the text field and optionally select an expiry time.
2. Receive a secure link
Sgalinski Share encrypts your data server-side using a modern encryption algorithm. You receive a unique share link that can only be opened once.
3. Share the link safely
Send the link via email, chat or WhatsApp. After the first access or when the time limit expires, the secret is permanently deleted.
Who can use sgalinski share?
Secure sharing of sensitive data is a daily necessity in many industries.
Developers & IT teams
Share SSH keys, API tokens, database passwords and server credentials securely within your team – without insecure emails or messengers.
Healthcare
Transfer temporary access credentials to patient records or medical systems in a GDPR-compliant and traceless way – the link destroys itself after opening.
Law firms & legal consultants
Send client-sensitive information, PIN codes or document passwords encrypted and without persistent server logs.
Banks & Financial Services
Transmit TANs, temporary credentials for banking systems, or customer PINs in a GDPR-compliant and traceless manner – without email risk.
HR & Human Resources
Send new employees initial passwords, access credentials, and confidential contract information securely without permanent storage traces.
Remote & Distributed Teams
Share server access, VPN credentials, and deployment keys securely across country and time zone boundaries – without messenger risk.
Why you can trust Sgalinski Share
Built on proven cryptography standards, operated in Germany, developed by experienced security experts.
XChaCha20
State-of-the-art encryption
No Plaintext
No plaintext or key material logged
GDPR
Servers & operations in Germany
100%
100% free – no hidden costs
Security in detail
Transparency matters to us. Here you learn exactly how Sgalinski Share protects your data.
Encryption
All secrets are encrypted with a modern algorithm – the current state of the art for authenticated encryption.
- ✓modern encryption algorithm
- ✓Random nonce per secret
- ✓Keys exclusively in environment variables
Automatic deletion
Secrets exist only as long as necessary. After expiry or after the first read, they are hard-deleted – with no possibility of recovery.
- ✓Hard deletion (no soft-delete)
- ✓Scheduled cleanup job for expired secrets
- ✓One-time mode: immediate deletion after display
No logs
We do not log any secret content, access tokens, or IP addresses in connection with secrets. What we don't store cannot be misused.
- ✓No plaintexts in logs or database
- ✓Tokens stored only as secure hash
- ✓No link between IP address and secret
Token security
Access and delete tokens are never stored in plaintext. Only an encrypted HMAC hash with a server-side pepper remains in the database.
- ✓Secure hashing with server pepper
- ✓Constant-time comparisons against timing attacks
- ✓Rate limiting on all critical endpoints
What our users say
Sgalinski Share is used daily by IT professionals, agencies, and businesses.
★★★★★
"Finally a simple solution to securely share passwords. No Slack, no email – just generate a link and done."
M
Markus T.
Senior DevOps Engineer
★★★★★
"As an agency, we use Sgalinski Share daily to hand over credentials to clients. GDPR-compliant, no registration required – perfect."
S
Sandra K.
Managing Director, Digital Agency
★★★★★
"Integrating the API into our CI/CD pipeline took just a few minutes. No more plaintext secrets in our deployment scripts."
A
Andreas L.
Lead Developer, SaaS Startup
Maximum Security: The Vault-in-Vault Architecture
Why even we as the operator cannot read your data.
1. Master-Key (Server)
All data is encrypted with a secure master key on the server (Encryption-at-Rest).
2. Token-Key (URL)
An additional encryption layer uses the share token from the URL. Since we only store the hash of the token, decryption without the link is technically impossible.
3. Password-Key (Optional)
An optional password forms the innermost protection layer. This is never stored and is the ultimate barrier against unauthorized access.
What can an administrator see?
An administrator with access to the server and database sees only encrypted data blocks. Without the share token from your link, they cannot break through the middle protection layer. Your privacy is mathematically guaranteed.
Frequently asked questions
Everything you need to know about Sgalinski Share.
Sgalinski Share uses modern encryption – a state-of-the-art, security-audited algorithm. Secrets are stored encrypted in the database and are not readable server-side. Access tokens are only stored as secure hashes.
You can choose an expiry time from 15 minutes up to 12 weeks. One-time secrets are deleted immediately after the first access. After the time limit, all data is permanently removed.
No. Sgalinski Share is fully usable without registration or an account. No personal data is collected.
Yes. We do not store plaintext on the server, no IP addresses in connection with secrets, and no access tokens in plaintext. The servers are located in Germany. The service is operated by sgalinski Internet Services.
Yes. sgalinski share provides a REST API that allows you to automate the creation of secrets. White-label and custom domain solutions are also available for businesses.
For one-time secrets, the secret is immediately and irreversibly deleted after the first retrieval. Any subsequent attempt to open the link receives a generic error message – with no indication of whether the secret ever existed.
The password is never stored in plaintext. It is hashed server-side and used as an additional authentication factor when decrypting the secret. Without the correct password, the secret is not accessible.
Yes. For security and performance reasons, there is a maximum size for the content of a secret. Sgalinski Share is optimized for credentials, passwords, and short confidential texts – not for transferring large files.
sgalinski share is developed and operated by sgalinski Internet Services. For businesses, we offer solutions with a custom domain and individual branding.
After creating a secret, you receive both a share link and a separate delete link. Using the delete link, you can immediately and permanently delete the secret before anyone else retrieves it.
Ready for maximum security?
Create your first encrypted secret now and share it securely.
Create Secret