One-Time Secret is a "one-time paste" service for passwords, private messages, and private links. After a user creates a secret link, the recipient can view it only once; once viewed, the content is deleted from the server. Unopened content also expires automatically based on its configured lifetime. It is not positioned as a full password manager, but rather as a way to reduce the risk of sensitive text lingering in email or chat history.
In terms of protection, it offers burn-after-reading behavior, expiration controls, and an optional passphrase. Anonymous users can set a maximum lifetime of 7 days, while free accounts can set up to 14 days; available durations range from 5 minutes to 7 days. If a passphrase is used, the service encrypts the secret with it and does not store the plaintext passphrase, keeping only a bcrypt hash. As a result, the platform claims it cannot decrypt the content. The service does not support images or files, on the grounds that files may contain metadata and that copying them is difficult to prevent. This reflects a relatively conservative security boundary.
For deployment, it offers an online service and also states clearly that its code is open source and available on GitHub, allowing users to run their own instance. It also provides custom installs. A free registered account can send secret links by email and includes API access, making it suitable for embedding one-time credential sharing into internal operations, customer support, or development workflows. However, the main content does not mention an enterprise console, audit logs, SSO, alerts, or permission management, so information about centralized governance capabilities is limited.
On pricing, anonymous and free accounts already provide access to the core features. Free accounts get a longer retention period, plus email sending and API support. The main content mentions that paid users can get larger message capacity, but does not disclose pricing, plans, payment methods, or SLA details. It is mainly suited to individuals, small teams, developers, and organizations that want to reduce plaintext password sharing. Companies that require compliance reporting and enterprise-grade auditing will still need to verify those capabilities separately.
Its strengths are simplicity, open-source transparency, self-hosting support, one-time deletion, and optional encryption. Its limitations are that it supports text only, the free capacity is 100KB, and it cannot prevent the recipient from copying the content. The main content does not provide information on network accessibility from mainland China or supported payment methods, so china_access can only be marked as unknown. If access or compliance requirements are not met, alternatives include Bitwarden Send, 1Password secure sharing, Privnote, or a self-hosted One-Time Secret instance.
This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on the mammoth472.com official site.
mammoth472.com is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 5.0/10, and a China-accessibility score of China direct-connect friendly.