Use case
Slack, email, and ticket comments are bad places for credentials. Flowvault Encrypted Send gives you a one-time encrypted link with a view cap, expiry window, and optional password gate.
30-second proof
Open the same demo vault twice: first with CorrectPassword, then lock and unlock with DecoyPassword. Same URL, same ciphertext on the server, two completely different notebooks.
Paste the credential, choose one view and a short expiry, copy the link, then send it through the channel you already use. If the link itself might be logged or forwarded, add a password and share that password through a separate channel.
The recipient gets a click-gated page that explains opening consumes a view. That prevents preview bots and accidental page loads from silently burning the note before a human is ready.
Encrypted Send is disposable by design. For secrets you need to keep, rotate, back up, or protect behind a decoy, create a regular Flowvault notebook instead and export a .fvault backup.
For most passwords and API keys, use one view and a one-hour or one-day expiry. Use longer windows only when the recipient is in a different timezone or unlikely to open the link soon.
Sometimes the secret isa file — a service-account JSON, a backup keyfile, a screenshot of a config screen. For those, use Encrypted File Send instead: same threat model, same URL-fragment-keyed AES-GCM, plus a secure delete link you can keep on hand to destroy the upload immediately if the channel turns out to be compromised. Up to 10 MiB, default one download, max 7-day expiry.
Flowvault is MIT-licensed and open end-to-end: frontend, Cloud Functions, Firestore rules, and crypto code are public. The server stores opaque ciphertext; your password and plaintext stay in the browser.