One-Time Secret is a one-time sharing tool for passwords, private messages, and private links. Its core idea is to generate a secret link that the recipient can view only once; once the content has been read, it is deleted from the server, reducing the risk of sensitive information lingering in email, chat tools, or logs. The project was created by Delano. The site states that it has been online since 2012, that its code is open source and hosted on Github, and that it helps share more than 50,000 secrets each month.
In terms of protection, it is a lightweight sensitive-information transfer and self-destructing message tool, not a full password manager or DLP platform. Users can set expiration periods, including 7 days, 3 days, 1 day, 12 hours, 4 hours, 1 hour, 30 minutes, and 5 minutes. For anonymous users, unread content is stored for up to 7 days; for free accounts, up to 14 days. An optional passphrase can be used to encrypt the secret. The server does not store the passphrase itself, only a bcrypt hash, so the official claim is that it cannot decrypt passphrase-protected content. It also provides random password generation, which is useful for sending temporary credentials.
For deployment, the main offering is an online web service, while the full codebase is open source, allowing users to audit the code or run their own instance. The official site also mentions custom installs. A free registered account enables features such as sending secret links by email, API access, and a maximum 14-day lifetime. There is limited information on management and alerting: lifecycle control and deletion after viewing are confirmed, but there is no clear documentation for team permissions, audit logs, alerts, SSO, or centralized policy management.
Both anonymous use and free accounts are available, and registering a free account unlocks additional capabilities. The site only states that the maximum message size for anonymous and free accounts is 100KB, while paid users can use larger limits; it does not disclose plan pricing, payment methods, or SLA details. The service explicitly does not support images or files, arguing that files may contain metadata and cannot be guaranteed not to be copied and redistributed. This makes the product scope very clear, but also limits its range of use cases.
Its strengths are simplicity, a low barrier to entry, open-source code, self-hosting support, and the ability to reduce long-term retention of sensitive text in email and IM tools. Its weaknesses are that it cannot prevent recipients from copying text, and there is limited public information on compliance certifications, enterprise administration, or advanced integrations. It is suitable for individuals, development teams, operations teams, and security teams that need to temporarily share passwords, tokens, or private links. If an organization requires auditing, role-based permissions, compliance reporting, or reliable access from mainland China, it may need to evaluate alternatives such as Bitwarden Send, 1Password sharing features, PrivateBin, or a self-hosted solution.
The source text does not provide information on access from mainland China, payment methods, or localization support, so china_access can only be marked as unknown. For production use, it is recommended to test network reachability and email delivery reliability in practice, and to prioritize self-hosted deployment to reduce cross-border access and data compliance risks.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on ltlsoftware.net official site.
ltlsoftware.net is an Unknown Cybersecurity provider. TG4G tracks its product information, an overall rating of 6.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach ltlsoftware.net directly.