New · SnapSend in Slack

Stop pasting secrets into Slack
without leaving Slack

Type /snapsend YOUR_SECRET in any channel. Get a self-destructing encrypted link back. The credential never sits in the message.

Important: Slack slash commands can't do browser-side encryption. Your secret exists in our server's memory for milliseconds during encryption — never logged, never stored. For maximum security, use the web app, where encryption happens entirely in your own browser.

Workspace admin install · Free to use · Same encryption as the web app

How it works

Three lines, fewer breaches

01. Type the command

/snapsend my-api-key in any channel or DM. The bot reads only your text — Slack signs and verifies the request.

02. Get an encrypted link

SnapSend encrypts with AES-256-GCM and returns an ephemeral link only you can see. Share it in the channel with one click, or just copy.

03. Recipient reads, link dies

First open destroys the share. Unread links auto-expire after 1 hour. The Slack message is now a one-time pointer to nothing.

When you'd reach for it

The five-second moments that used to leak credentials

Onboarding a contractor

/snapsend postgresql://… → contractor opens once → credential never in the channel.

Rotating a key during an incident

/snapsend sk_live_… → paste in war-room → on-call opens → key auto-destructs.

Sharing an SSH key with a new hire

/snapsend [private key] → new hire copies into ~/.ssh → link is incinerated.

Asking a teammate for a temp password

Use the web UI's Secure Receive — link the receiver via Slack.

Security model

What your workspace gets — and doesn't

AES-256-GCM, fresh key per share

Each /snapsend invocation generates a new 256-bit key. The encryption key sits in the URL fragment and never persists.

Slack signature verification

Every request is HMAC-SHA256 verified against your workspace's signing secret with a timing-safe comparison. Replayed requests are rejected after 5 minutes.
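The check described above, sketched against Slack's documented v0 signing scheme (X-Slack-Signature and X-Slack-Request-Timestamp headers). This is an added example, not SnapSend's own code; the function names, the secret, the request body and the clock value are constructed for illustration.

```python
import hashlib
import hmac
import time

MAX_AGE_SECONDS = 5 * 60  # replay window stated on the page


def sign(signing_secret: bytes, timestamp: str, raw_body: bytes) -> str:
    # Slack's v0 scheme: HMAC-SHA256 over "v0:<timestamp>:<raw request body>".
    base = b"v0:" + timestamp.encode("ascii") + b":" + raw_body
    return "v0=" + hmac.new(signing_secret, base, hashlib.sha256).hexdigest()


def verify(signing_secret: bytes, headers: dict, raw_body: bytes, now=None):
    """Return (accepted, reason). `headers` uses lower-cased names."""
    now = time.time() if now is None else now
    ts = headers.get("x-slack-request-timestamp", "")
    sig = headers.get("x-slack-signature", "")
    # Reject malformed input before doing any crypto or integer parsing.
    if not (ts.isascii() and ts.isdigit() and len(ts) <= 12 and sig):
        return False, "missing or malformed headers"
    # Replay check first: an old but validly signed request is still refused.
    if abs(now - int(ts)) > MAX_AGE_SECONDS:
        return False, "stale timestamp"
    # compare_digest runs in time independent of where the strings differ.
    expected = sign(signing_secret, ts, raw_body).encode()
    if not hmac.compare_digest(expected, sig.encode("utf-8", "replace")):
        return False, "bad signature"
    return True, "ok"


# Constructed sample request (secret, body and clock are made up).
SECRET = b"constructed-signing-secret"
BODY = b"command=%2Fsnapsend&text=my-api-key&user_id=U000EXAMPLE"
NOW = 1_700_000_000
HEADERS = {
    "x-slack-request-timestamp": str(NOW),
    "x-slack-signature": sign(SECRET, str(NOW), BODY),
}

if __name__ == "__main__":
    print(verify(SECRET, HEADERS, BODY, now=NOW))            # fresh, untampered
    print(verify(SECRET, HEADERS, BODY + b"&x=1", now=NOW))  # body modified
    print(verify(SECRET, HEADERS, BODY, now=NOW + 301))      # replayed later
```

The signature must be computed over the raw request bytes as received; re-serialising the parsed form body before hashing produces mismatches on otherwise valid requests.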

Plaintext briefly in memory

Honesty: the slash-command flow can't do browser-side encryption. The plaintext exists in process memory for milliseconds during encryption — never logged, never persisted. Use the web UI for true zero-knowledge.

Read receipts in DM (Pro)

When your shared link is opened, the SnapSend bot DMs you the timestamp and country. Available on the Pro tier.

Command reference

/snapsend my-secret-text

Default: 1-hour expiry, self-destructs on first read.

What data does the Slack app request?

We request the minimum scopes Slack needs to register a slash command and respond to it. Nothing more. We do not ask for, store, or read your channels, message history, files, or members.

OAuth scopes

  • commands: Register the /snapsend slash command.
  • chat:write: Reply to your slash command with the encrypted link (only in the channel where you typed the command).

We don't request channels:read, files:read, users:read, or any history scope. You can verify this in your Slack admin panel after install: Settings → Manage apps → SnapSend → Permissions.

Uninstalling removes the integration completely. We delete the workspace token and any short-lived encryption state within seconds.

Make your Slack workspace less of a credential graveyard

Install once. Use forever. Free for unlimited shares.
