Secure Password Sharing

Stop emailing passwords or pasting them into chat. PassCryp shares credentials with end-to-end encryption: per-vault keys wrap to each recipient's public key, the plaintext never touches our servers, and revoking a member rotates the vault instantly.

Start your free vault Security model

Item-level or vault-level sharing

Share a single Netflix login, or a whole project vault with 10 credentials. Same encryption either way.

Per-vault keys

Each shared vault has a fresh AES-256 key wrapped individually to every member's RSA public key.

Instant revoke + re-key

Remove a member and the vault re-keys client-side. Their wrapped copy becomes useless immediately.

Audit log of every reveal

See who viewed, copied, edited, or shared each credential — with timestamp and IP.

No plaintext on wire or server

Sharing is end-to-end. Even mid-share, we see only ciphertext + wrapped keys.

How sharing actually works

When you create a shared vault, your browser generates a random 256-bit AES vault key. The key wraps to your own RSA public key so you can decrypt it later. When you invite a member, your client fetches their public key from our directory, wraps the vault key to them, and uploads the wrapped copy. We store opaque wrapped keys; we never see the underlying AES key.

On their device, the invitee unwraps the vault key with their private key (which never leaves their device, encrypted at rest under their master password). From then on, they can decrypt every item in the vault locally. Encryption is symmetric; sharing the key is asymmetric. The plaintext path is end-to-end.

Revocation that actually works

When you revoke a member, the client generates a new vault key, re-encrypts every item in the vault to the new key, re-wraps the new key to remaining members, and deletes the revoked member's wrapped copy. The whole rotation happens in your browser; we just store the new wrapped blobs.

The revoked member retains any data they already exfiltrated (we can't un-show a password they already saw), but they cannot decrypt anything written after revocation. For high-value credentials, rotate the upstream password (e.g., reset the Stripe API key) in addition to revoking — same as you would with any other shared secret.

Patterns that work well

One shared vault per project. Members assigned per-project, not per-credential. Audit logs grouped by vault for easy review.

Personal vault stays personal. Shared vaults are clearly labelled in the UI so you don't accidentally save a banking login to the team vault.

Rotate credentials when a member leaves a project, even if they're staying in the company. Same principle as code-access revocation.

Frequently asked questions

Can I share a password with someone who doesn't have PassCryp?

Not directly. They need a free PassCryp account so we can wrap the vault key to their public key. Sign-up is 60 seconds and free.

What if the recipient screenshots the password?

There's no defense against that, in any password manager. Sharing only makes sense with people you trust to handle the credential responsibly.

Can I time-limit a shared password?

Item-level expiry is on the roadmap. Today, manual revoke is the workflow.

Does sharing leak anything to PassCryp?

No. We see encrypted ciphertext, wrapped keys, and audit metadata (who shared with whom, when). We never see the plaintext credential.

How many people can I share with?

Premium covers shared vaults for up to 5 family members. Pro covers up to 25 seats with team-level shared vaults.

Is sharing different from family vaults?

Conceptually the same. Family vaults are a pre-named shared vault for households; team sharing on Pro covers project-based shared vaults.

Ready to take control of your secrets?

Start a free zero-knowledge vault in under 60 seconds.

Start your free vault