OpenSherpa OpenSherpa
Help Sign in Get started
Zero-knowledge · Open source · Self-hosted

Share passwords securely — seen once, then gone forever

Stop sending passwords in plain-text emails or chat messages. OpenSherpa generates a one-time link — the recipient sees the secret once, and it is permanently deleted from our servers.

Create free account Sign in Use it anonymously

OPENsource  SHaRPAssword

secrets safely protected

How it works

1. Enter the secret

Paste any password, API key, or sensitive text. Give it a description so the recipient knows what it is.

2. Share the link

Copy the generated one-time link and send it — by email, chat, or any channel. The decryption key never touches our servers.

3. Revealed & deleted

The recipient clicks "Reveal". They see the secret exactly once, then it is irrevocably wiped from the database.

Why use OpenSherpa?

Whenever you need to hand off a credential without leaving a permanent copy in someone's inbox or chat history.

📧

Safe handoff via email

Email is inherently insecure and often stored indefinitely. Instead of writing a password in the message body, paste the one-time link. Even if the email is intercepted or forwarded later, the secret is already gone once it was read.

🔄

Onboarding new team members

Share initial passwords or SSH keys with new colleagues. You get confirmation in the dashboard when they've retrieved the secret, and nothing lingers in your sent folder.

⚙️

CI/CD & automation

Use the REST API with an API token to create shares programmatically from scripts or pipelines — no browser needed.

🕵️

Verify receipt

The dashboard shows exactly when a share was opened. If the recipient says they didn't get it, you'll know instantly whether the link was ever accessed.

Security by design

Encryption key never stored

Every secret is encrypted with a unique key that lives only in the URL fragment (#…). Browsers never send fragments to servers, so even we cannot decrypt stored secrets.

Irrevocable deletion after reveal

The ciphertext is overwritten the moment the secret is revealed. There is no recovery path, no soft-delete, no backup copy.

No tracking, no CDN data leakage

No analytics, no third-party scripts, no external font or CSS CDN at runtime. Tailwind CSS is compiled locally at build time.

Self-hosted & open source

Run OpenSherpa on your own infrastructure. You control the data, the keys, and the retention policy.

Ready to share more safely?

No credit card required. Self-host in minutes with Docker.

Create free account