1time.io is a zero-knowledge, open-source utility designed for the secure transmission of sensitive technical data. By performing AES-256-GCM encryption directly in the browser, it ensures that raw secrets never reach the server, providing a cryptographically secure method for out-of-band communication.
Key Features
- Browser-side AES-256-GCM encryption ensuring zero-knowledge storage.
- Self-destructing links that are permanently purged from the server after the first view.
- Support for secure file sharing (up to 10MB) and sensitive text-based secrets.
- Configurable expiration windows (1 to 30 days) and optional secondary decryption passphrases.
- CLI tool availability for automated secret sharing directly from the terminal.
- QR code generation for secure cross-device credential transfer during physical or wireless assessments.
Use Cases
- Securely sharing compromised credentials or API keys during red team engagements without leaving traces in chat logs.
- Delivering sensitive evidence or configuration snippets to clients via secure, one-time channels.
- Transferring environment variables or SSH keys between team members securely during a penetration test.
- Ad-hoc secure file transfers of small payloads or exfiltrated data fragments.
