Encrypted Secrets is Tonmly's secure messaging system designed for sharing sensitive information that automatically self-destructs after viewing. Think of it as a digital equivalent of passing a note that disappears after being read.
Whether you need to share passwords, API keys, personal information, or any sensitive data, Encrypted Secrets ensures that your information is protected with military-grade encryption and can only be accessed once before being permanently deleted.
Zero-Knowledge Security: Your secrets are encrypted before reaching our servers. We cannot decrypt or read your messages - only the person with the link can view them.
Traditional communication methods like email, text messages, or chat applications store your sensitive information indefinitely, creating security risks. Encrypted Secrets solves this problem by ensuring your data is automatically destroyed.
Perfect for sharing:
- Passwords and passphrases
- API keys and tokens
- Credit card information
- Confidential documents
- Personal identification numbers
- Database credentials
- Private messages
- Any sensitive information
Common Mistake: Never share sensitive information through regular email, messaging apps, or unencrypted communication channels. These can be intercepted, stored indefinitely, and accessed by unauthorized parties.
Step 1: Access the Secrets Tool
Navigate to Tonmly/secrets or use the browser extension to access the encrypted secrets feature.
Step 2: Enter Your Secret
- Type or paste your sensitive information into the secret content field
- Maximum content limit: 10,000 characters
- For passwords, you can use the built-in password generator
Step 3: Configure Security Options
Expiration Time Options:
- 5 minutes (highest security)
- 30 minutes
- 1 hour (default)
- 4 hours
- 12 hours
- 1 day
- 3 days
- 7 days (maximum)
Additional Protection:
- Optional passphrase (up to 200 characters)
- CSRF protection enabled
- Secure HTTPS transmission
- No server-side logging
Step 4: Share the Link Securely
After creating your secret, you'll receive a unique link. Share this link through a separate, secure communication channel from the one you normally use.
Critical Security Warning: The secret link will only work once! Make sure the recipient knows this before sharing. Once clicked, the secret is permanently destroyed.
Generate cryptographically secure passwords directly within the secrets tool for immediate sharing.
Password Features:
- Configurable length: 12, 16, 20, 24, or 32 characters
- Includes uppercase and lowercase letters
- Contains numbers and special symbols
- Cryptographically random generation
- Automatically populated into secret content
The password generator ensures at least one character from each category (uppercase, lowercase, numbers, symbols) and shuffles the result for maximum security.
Do's:
- Use the shortest practical expiration time
- Add a passphrase for highly sensitive information
- Share the secret link through a different communication channel than usual
- Inform the recipient that the link only works once
- Verify the recipient received and accessed the secret
- Use HTTPS-enabled custom domains for additional security
Don'ts:
- Don't share the secret link and passphrase through the same channel
- Don't set unnecessarily long expiration times
- Don't include identifying information in the secret content
- Don't reuse the same passphrase for multiple secrets
- Don't share secrets containing illegal content
Pro Tip: For maximum security, share the secret link via one channel (like email) and the passphrase via another channel (like phone or SMS).
For organizations requiring additional privacy and control, Encrypted Secrets is available as a custom instance on your own domain name.
Custom Instance Benefits:
- Your own branded domain
- Complete data sovereignty
- Custom SSL certificates
- Enhanced compliance options
- Private server infrastructure
- Custom retention policies
- Advanced logging options
- Enterprise support
Custom instances maintain the same security standards while giving you complete control over the infrastructure and domain name. Contact our enterprise team to learn more about setting up a custom instance for your organization.
Enterprise Ready: Custom domain instances are perfect for businesses, government agencies, and organizations with strict security and compliance requirements.
Encryption Specifications:
- Algorithm: AES-256 in CBC mode
- Key Generation: Cryptographically secure random number generator
- Initialization Vector: Randomly generated for each secret
- Encryption Location: Client-side (browser) before transmission
- Key Storage: Never stored on servers - included in the access link
Infrastructure Security:
- Transport: TLS 1.3 encrypted HTTPS connections
- Storage: Encrypted secrets stored in secure database
- Access Control: Unique random URLs with no predictable patterns
- Audit Trail: No logging of secret content - only metadata
- Deletion: Cryptographic wiping ensures data cannot be recovered
Security Audit: Our encryption implementation follows industry best practices and undergoes regular security audits to ensure the highest level of protection.