About Vaulted

We've all done it — pasted a password into Slack, emailed an API key, or texted a login credential. It's fast and convenient, but that secret now lives in message history, email archives, and server logs forever.

Vaulted exists to make the secure way just as easy as the insecure way. Create a link, share it, and it self-destructs after being read. No accounts, no apps to install, no friction.

Everything is encrypted in your browser using AES-256-GCM before it reaches our server. The encryption key lives in the URL fragment — the part after # — which browsers never send in HTTP requests. We literally cannot read your secrets, even if we wanted to.

This isn't a marketing claim — it's a technical constraint. Our security page explains the full threat model, including what we protect against and what we don't.

Vaulted isn't just a web form. We provide a CLI tool, a GitHub Action, and a REST API so you can integrate secure secret sharing into your workflows, CI/CD pipelines, and automation.

No user accounts. No email verification. No app to download. No subscription. Vaulted does one thing — encrypted secret sharing — and does it well.

Complexity is the enemy of security. The fewer moving parts, the fewer things that can go wrong.