How to Transfer a Sensitive Message or Secret Securely

by

When you work with technology, sometimes you need to share or manage private information.

And you want to make sure it’s shared securely.

Perhaps you had to test something quickly, but didn’t need to maintain the password.

Or, maybe you had a sensitive message, private link, or password you wanted to share with one person.

And since it’s temporary or a one-time thing, you don’t want to save in it your password manager.

I’ve had that happen to me over the years with my clients. Usually when we’re on a phone call.

In the past, I recommended One-Time Secret, a free online site anyone can use to transfer or share sensitive information safely.

One-Time Secret allowed you to send a secret, set an expiration, and add an optional passphrase.

Except my friend Eric Mann discovered One-Time Secret sends your secret and passphrase to their servers in plaintext.

Yikes!

Which is why Mann created his own end-to-end encrypted secret service, Project Swordfish. Read on to learn more about his service and how it works.

Project Swordfish

Project Swordfish: truly secure anonymous secret sharing. Form interface displays two input areas, one to paste your secret text, the second to add a passphrase.

Created by Eric Mann, the free Project Swordfish service lets you send secret text, private links, or messages safely and securely.

No need to set up an account. The online service allows you to add a passphrase if you choose.

Why Use Project Swordfish?

When you use email to send passwords or messages, copies of the info are maintained in different places.

Which means the info you send in email isn’t secure.

Project Swordfish offers a service that is:

  • Free
  • Anonymous
  • End-to-end encrypted

Want to review the code? Project Swordfish is open-sourced and available on GitHub.

What You Need to Know

Mann explained his process and background about Project Swordfish in his end-to-end encrypted secret sharing post.

Key points from his post:

  1. The project is hosted on AWS with CloudFront
  2. No analytics are gathered for the site
  3. The password derives two separate keys
  4. All data bound to your secret automatically expires and is purged after 24 hours

How Project Swordfish Works

To share a secret

  1. Visit Project Swordfish

  2. Enter your secret

  3. Enter your passphrase

  4. Select Encrypt your secret

  5. In the confirmation message, you’ll find your secret ID, passphrase, and link to retrieve your secret

    Confirmation message: Great success! Congratulation! Your secret is safe. Secret ID and passphrase have been blurred for secret, but link to retrieve it is active.

  6. Share the link with the person who want to share your secret (perhaps you’ll send the link via email)

  7. Share the passphrase in a different system than you shared the secret (If you shared the link in email, use text or some other system)

To receive the secret, a person visits the link, which automatically adds the Secret ID. The person needs to enter the passphrase and submit the info to have the secret displayed.

Project Swordfish interface with secret ID entered, but passphrase needs to entered. Retrieve and decrypt button allows secret to display.

Wrapping Up

Using an encrypted end-to-end service to share secrets keeps your info safe from systems that track you online.

While a password manager is the recommended method for maintaining information safely, sometimes you’ll want a service like Project Swordfish for those one-time transactions of secrets.

Photo of author

About the Author

Deborah Edwards-Oñoro enjoys birding, gardening, taking photos, reading, and watching tennis. She's retired from a 25+ year career in web design, usability, and accessibility.

Recent Posts

Contact

Via my contact page.

© 2007 - 2025 Lireo Designs

Privacy Policy Accessibility Statement