FyVault
Secure Sharing

Slack remembers every password you've ever shared

That Slack message from 2022 still has your production database password in it. Every developer knows they've done this. Most just try not to think about it.

Search your Slack history for "password" or "api key." Go ahead. We'll wait. Now imagine everyone else on your team can find those too. And every contractor who ever had access. And Slack's own infrastructure team.

Every credential shared through chat is permanent. Slack doesn't forget. Email doesn't forget. That Google Doc with "temporary passwords" from your last migration? It's still there. Indexed. Searchable. Waiting.

Share the secret, not the risk. Link self-destructs after one view.

How it works

Share once. Then it's gone.

01

Encrypt

Paste any credential, set a TTL, and generate a one-time link. The secret is sealed client-side before it ever touches the server.

02

Send the link

Drop the URL into Slack, email, SMS — whatever channel you already use. The secret itself never travels through that channel.

03

Gone forever

The recipient opens the link once. After that, the secret is permanently destroyed. No replays. No forwarding. No history.

CLI

One command. No more Slack messages.

fyvault secrets:share
$ fyvault secrets:share DATABASE_URL --ttl=1h
✓ Share link created
URL: https://app.fyvault.dev/share/fvs_k8m2p...
Expires: 1 hour
Views: 1 (one-time)
Link will self-destruct after first view.

Secrets don't belong in chat history

Every method below leaves credentials exposed permanently. Yours don't have to.

How credentials get leaked
Slack DM

Persisted forever, indexed, searchable by anyone with workspace access

Email

Forwarded, archived, backed up in plaintext across multiple servers

Google Doc

Revision history preserves every version — even the ones you deleted

Sticky note on a monitor

Photographed, lost, never destroyed — the original security breach

How FyVault handles it
Client-side encryption

AES-256-GCM before the secret leaves your browser

One-time viewing

Opened once, then permanently destroyed — no second chances

Full audit trail

Who created it. Who opened it. When. From where.

Auto-expiring TTL

Even if nobody opens the link, it self-destructs on schedule

Engineered for teams that don't cut corners

Single-view destruction

One open. One view. Then permanent deletion. No caching, no replays, no screenshots in your infrastructure logs.

Time-bomb TTL

Set expiry from 1 hour to 7 days. Unclaimed links self-destruct on schedule — no human intervention needed.

Forensic audit trail

Every share link records who created it, when it was opened, and the viewer's IP. The kind of paper trail auditors actually want.

Zero-knowledge encryption

The server never sees plaintext. Secrets are encrypted in your browser before the link is generated. We literally cannot read them.

SDK

Two lines to replace every bad habit

Generate self-destructing share links from Node.js, Python, or the CLI. No more pasting credentials where they don't belong.

typescript
const link = await fv.secrets.share("DATABASE_URL", {
  ttlSeconds: 3600,
});
// → { url: "https://app.fyvault.dev/share/fvs_...", expiresAt: "..." }
python
link = fv.secrets.share("DATABASE_URL", ttl_seconds=3600)
# → { "url": "https://app.fyvault.dev/share/fvs_...", "expires_at": "..." }

That database password is still sitting in 47 Slack channels.

Sleep better tonight. One-time links that self-destruct. Encrypted. Audited. Free to start.