Share API Keys Securely

The problem

API keys pasted into Slack channels or email threads are visible to every member of that channel, indexed by search, and persist in logs. A leaked API key can grant full access to production services, databases, or billing accounts — often without any audit trail.

How Vaulted helps

With Vaulted, your API key is encrypted in the browser using AES-256-GCM before transmission. The link expires after a configurable view limit, eliminating the risk of keys sitting in old messages. The zero-knowledge architecture means Vaulted itself cannot read the key.

How to do it

1. Paste your API key into Vaulted
2. Choose a view limit (e.g., 1 view for a single recipient)
3. Share the link with the developer who needs it
4. The developer opens the link, copies the key, and the link expires

Share API keys from the command line

Use the Vaulted CLI to share API keys without opening a browser: npx vaulted-cli "sk_live_abc123" --views 1 --expires 1h. Add a passphrase for extra security: npx vaulted-cli "sk_live_abc123" -v 1 -p mypassphrase. Install globally with npm install -g vaulted-cli.

Share API keys in GitHub Actions

Use the Vaulted GitHub Action to share API keys in CI/CD workflows: uses: vaulted-fyi/share-secret@v1 with secret set to your API key. The action encrypts client-side and outputs a self-destructing link. Available on GitHub Marketplace.