Skip to main content

Open-source secret sharing

Share Secrets
Securely

Stop sharing passwords in Slack, email, and ticket systems. Yopass encrypts secrets in your browser and generates one-time links that auto-expire.

Try the DemoGet Started

Trusted by engineers at

SpotifyDoddleGumtree Australia

The problem

Secrets don't belong in your chat history

Passwords and API keys shared over Slack, email, and tickets sit in plaintext — searchable forever, readable by anyone with access. Yopass replaces that with three simple steps.

01. Encrypt

Type or paste your secret. It's encrypted in your browser with OpenPGP before anything leaves your machine.

02. Share

Get a unique one-time link. Send it through any channel — the decryption key never touches the server.

03. Expire

The secret self-destructs after being viewed — or when the timer runs out. Nothing persists.

For teams & business

Advanced security governance

A clear audit trail and secure secret workflows across your entire organization — unlocked with a business license.

Secret Requests

Receive credentials securely from vendors or clients who don't use Yopass. Send a request link, they upload the secret, and you receive it encrypted.

Read Receipts

Know exactly when a secret is opened. Get notified by email or webhook the moment a one-time link is decrypted.

Webhooks

Push security events into your SOC or dev workflows. Trigger automated actions when secrets are created, requested, or accessed.

OpenID Connect Sign-In

Put secret creation behind single sign-on. Require users to authenticate through your OpenID Connect provider before sharing.

Audit Logs

Keep a non-repudiable record of sharing activity for compliance — who requested what and when, without ever exposing the secrets themselves.

2026-06-17T14:32:01Zsecret.created
{"outcome":"success","user_email":"user@example.com","client_ip":"203.0.113.42","secret_id":"e065107b78ac","one_time":true}

Built for security

Simple enough to actually use

Designed so that following best security practices becomes the path of least resistance.

End-to-End Encryption

Encryption and decryption happen locally in your browser. The server never sees your plaintext data.

No Accounts Needed

No sign-ups, no tracking, no cookies. Only the encrypted secret is stored — nothing else.

Open Source

Audit the code, contribute features, or self-host with full confidence on your own infrastructure.

Pricing

Free to start. Scale when ready.

Yopass is open source and free to self-host, always. The business license adds branding and higher limits — still running on your own infrastructure, because that's what makes it truly secure.

Open Source

Freeself-hosted, forever
  • End-to-end encryption
  • One-time secret links
  • File upload support
  • Configurable expiration (1h / 1d / 1w)
  • Redis or Memcached backend
  • Docker + Kubernetes deployment
  • Community support via GitHub
View on GitHub
Recommended

Business License

€149/ year · self-hosted

Everything in Open Source, plus: