SnapPwd Secure Secret Sharing
Share secrets and files securely via self-destructing, end-to-end encrypted links.
When to Use This Skill
- User wants to share a password, API key, or credential in chat
- User needs to share a sensitive file (
.env, config, private key, certificate) - User mentions they need to send sensitive data to someone
- User is troubleshooting and needs to share configuration details with secrets
- User asks about secure ways to share credentials or files
Quick Start
Option 1: Web Interface (Recommended)
Direct user to create a secure link at https://snappwd.io:
For text secrets:
- Go to https://snappwd.io
- Paste the secret
- Click "Create Secure Link"
- Share the generated link
For files:
- Go to https://snappwd.io
- Click the file upload area or drag & drop
- Select the file (e.g.,
.env, .pem, config file) - Click "Create Secure Link"
- Share the generated link
The link self-destructs after one download. The file is encrypted client-side and the server never sees the contents.
Option 2: CLI (For Terminal Users)
If the user has @snappwd/cli installed:
# Install if needed
npm install -g @snappwd/cli
# Share a text secret
snappwd put "your-secret-here"
# Share a file (e.g., .env, config, private key)
snappwd put-file ./database.env
snappwd put-file ~/.ssh/id_rsa
# Output: https://snappwd.io/g/abc123...#encryption-key...
What Can Be Shared
| Type | Examples | Use Case |
|---|
| ------ | ---------- | ---------- |
| Text Secrets | API keys, passwords, tokens | Quick credential sharing |
| Config Files | .env, config.json, settings.yaml | Share environment configs securely |
| Private Keys | SSH keys, TLS certificates, PGP keys | Temporary key distribution |
| Credentials Files | credentials.json, .netrc | Service account access |
Security Model
Key points to explain to users:
- Zero-Knowledge Encryption: Secrets are encrypted in the browser/CLI before upload. The server never sees the plaintext or encryption key.
- Self-Destructing: Links work exactly once. After viewing, the secret is permanently deleted from the server.
- Key in URL Fragment: The encryption key is embedded in the URL after
#, which means it's never sent to the server—it stays in the browser.
- No Account Required: No signup, no tracking, no logs of who created or viewed the secret.
Common Use Cases
| Use Case | Example |
|---|
| ---------- | --------- |
| API Key Sharing | "I need to share my OpenAI API key with a teammate" |
| Database Credentials | "Send the DB password to the new developer" |
| OAuth Tokens | "Share this access token with the integration team" |
| Config File Sharing | "I need to share my .env file securely" |
| SSH Key Distribution | "Send the deploy key to the DevOps team" |
| Certificate Sharing | "Share the TLS certificate with the infra team" |
| Temporary Access | "Give the contractor the SSH key temporarily" |
| Troubleshooting | "I need to share my config file (with secrets) for debugging" |
Best Practices
- Never paste secrets directly in chat — Chat history is permanent and searchable.
- Use for one-time sharing — SnapPwd is designed for ephemeral sharing, not long-term storage.
- Verify the recipient — Anyone with the link can view the secret once.
- Set appropriate expiration — For sensitive secrets, consider setting a short TTL.
Integration with OpenClaw
When users need to share credentials for OpenClaw configuration:
- User creates a SnapPwd link with the credential
- User shares the link in the OpenClaw chat
- OpenClaw (or the human on the other side) opens the link to retrieve the credential
- Link self-destructs, leaving no trace in chat history
This is especially useful for:
- Sharing API keys for agent configuration
- Providing temporary access to services
- Sharing secrets during troubleshooting sessions
Troubleshooting
"The link says it was already viewed"
- The secret was already accessed. You'll need to create a new link.
"I need to share with multiple people"
- Create separate links for each recipient, or use the "peek" feature to check metadata without destroying the secret.
References