Last updated: March 16, 2026

Share credentials securely using SafeNote or PrivNote: paste your API key or password, set an expiration time, and send the link. The recipient views it once and it auto-deletes, leaving no server copy. For extra security, use browser-side encryption variants and avoid sending the link through logged communication channels. This approach eliminates password history vulnerabilities and reduces the window for credentials to be intercepted.

Prerequisites

Before you begin, make sure you have the following ready:

Step 1 - Understand One-Time Secure Notes

One-time note services work on a simple but powerful principle: the secret is stored, a unique link is generated, and after the link is visited once, the content is permanently deleted from the server. This eliminates the risk of the credential lingering in inboxes, chat logs, or server logs where it could be discovered later.

For developers working with executors, CI/CD pipelines, or automated deployment systems, these tools provide a secure way to pass sensitive values without hardcoding them or storing them in configuration files that might be committed to version control.

Step 2 - SafeNote: Open-Source Self-Hosting Option

SafeNote offers an open-source alternative that you can self-host, giving you complete control over where your sensitive data resides. This makes it particularly attractive for organizations with strict data sovereignty requirements.

Setting Up SafeNote

If you prefer self-hosting, you can deploy SafeNote using Docker:

docker run -d -p 8080:5000 --name safenote \
  -e SECRET_KEY=your-secure-random-key \
  safenote/safenote:latest

Once running, you can create a one-time note programmatically using the API:

curl -X POST http://localhost:8080/api/notes \
  -H "Content-Type: application/json" \
  -d '{
    "content": "DB_PASSWORD=super-secret-password-123",
    "burn_after_reading": true,
    "expiration": "1h"
  }'

The response returns a unique URL that you can share:

{
  "url": "http://localhost:8080/note/abc123xyz",
  "expiration": "2026-03-16T14:30:00Z"
}

Using SafeNote with Executors

When working with executors or automation tools, you can integrate SafeNote into your workflows:

import requests
import os

def create_secure_note(content, expiry_hours=1):
    """Create a one-time secure note via SafeNote API."""
    response = requests.post(
        f"{os.environ['SAFENOTE_URL']}/api/notes",
        json={
            "content": content,
            "burn_after_reading": True,
            "expiration": f"{expiry_hours}h"
        },
        headers={
            "Authorization": f"Bearer {os.environ['SAFENOTE_API_KEY']}"
        }
    )
    return response.json()["url"]

Share database credentials with a deployment executor
db_creds = "POSTGRES_PASSWORD=prod-db-secret-key"
note_url = create_secure_note(db_creds, expiry_hours=2)
print(f"Share this URL with your executor: {note_url}")

The executor can then retrieve the note programmatically:

def retrieve_and_burn_note(note_url):
    """Retrieve a one-time note and burn it immediately."""
    response = requests.get(note_url)
    if response.status_code == 200:
        # Note is now destroyed after this request
        return response.json()["content"]
    elif response.status_code == 404:
        return "Note already burned or does not exist"
    else:
        raise Exception(f"Failed to retrieve note: {response.text}")

secret = retrieve_and_burn_note(note_url)
Use the secret for your task, then it's gone forever

Step 3 - PrivNote: Quick Web-Based Solution

PrivNote provides a hosted service that requires no setup. You visit the website, create a note, and share the generated link. It’s ideal for quick, ad-hoc credential sharing without any infrastructure overhead.

Using PrivNote via the Web Interface

  1. Navigate to privnote.com
  2. Enter your sensitive credential in the text area
  3. Enable “Burn after reading” for one-time access
  4. Set an optional expiration time (1 hour to 30 days)
  5. Click “Create Note” and copy the generated link
  6. Send the link to your recipient

PrivNote API Integration

For developers who need programmatic access, PrivNote offers an API:

import requests
from requests.auth import HTTPBasicAuth

def create_privnote(secret_message, burn_on_read=True):
    """Create a PrivNote via API."""
    payload = {
        "data": secret_message,
        "burn_on_read": "1" if burn_on_read else "0",
        "expiration": "7d"  # 7 days max for free tier
    }

    response = requests.post(
        "https://privnote.com/api/v1/create",
        data=payload,
        auth=HTTPBasicAuth("your-api-key", "")
    )

    result = response.json()
    return {
        "link": result["note_link"],
        "destroy_key": result["destroy_key"]  # Keep this for manual deletion
    }

Generate a one-time credential share link
credential_note = create_privnote(
    "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\nAWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
)
print(f"Share this: {credential_note['link']}")
print(f"Destroy key (save if needed): {credential_note['destroy_key']}")

Security Considerations for Developers

While one-time notes are useful, you should understand their limitations and follow security best practices.

What One-Time Notes Protect Against

What One-Time Notes Don’t Protect Against

Best Practices

Always verify you’re using HTTPS when creating or viewing notes. For self-hosted solutions like SafeNote, implement proper TLS certificates using Let’s Encrypt or your organization’s PKI.

When sharing credentials with executors, consider combining one-time notes with additional verification:

import hashlib
import secrets

def create_verified_note_link(base_url, secret, verification_code):
    """Create a note link that requires separate verification."""
    note_data = f"{secret}\n\nVerification: {verification_code}"

    response = requests.post(
        f"{base_url}/api/notes",
        json={
            "content": note_data,
            "burn_after_reading": True
        }
    )

    note_link = response.json()["url"]
    return f"{note_link}?code={verification_code}"

Share the link and verification code through different channels
verification_code = secrets.token_hex(8)
link = create_verified_note_link("https://your-safenote-instance.com", "API_KEY=xxx", verification_code)
Send link via chat, verification code via SMS

This layered approach ensures that even if someone intercepts the note link, they cannot access the content without the separate verification code delivered through a different channel.

Step 4 - Comparing SafeNote vs PrivNote

For developers and power users, the choice depends on your requirements:

Feature SafeNote (Self-Hosted) PrivNote (Hosted)
Data control Full ownership Third-party server
Setup required Yes (Docker/server) No
API access Built-in API key required
Customization Full source access Limited
Cost Server costs Free tier / Premium

Self-hosting SafeNote gives you transparency over how your data is handled, while PrivNote offers convenience for quick, ad-hoc sharing without infrastructure management.

Troubleshooting

Configuration changes not taking effect

Restart the relevant service or application after making changes. Some settings require a full system reboot. Verify the configuration file path is correct and the syntax is valid.

Permission denied errors

Run the command with sudo for system-level operations, or check that your user account has the necessary permissions. On macOS, you may need to grant terminal access in System Settings > Privacy & Security.

Connection or network-related failures

Check your internet connection and firewall settings. If using a VPN, try disconnecting temporarily to isolate the issue. Verify that the target server or service is accessible from your network.

Frequently Asked Questions

How long does it take to use safenote or privnote for one time secure credenti?

For a straightforward setup, expect 30 minutes to 2 hours depending on your familiarity with the tools involved. Complex configurations with custom requirements may take longer. Having your credentials and environment ready before starting saves significant time.

What are the most common mistakes to avoid?

The most frequent issues are skipping prerequisite steps, using outdated package versions, and not reading error messages carefully. Follow the steps in order, verify each one works before moving on, and check the official documentation if something behaves unexpectedly.

Do I need prior experience to follow this guide?

Basic familiarity with the relevant tools and command line is helpful but not strictly required. Each step is explained with context. If you get stuck, the official documentation for each tool covers fundamentals that may fill in knowledge gaps.

Is this approach secure enough for production?

The patterns shown here follow standard practices, but production deployments need additional hardening. Add rate limiting, input validation, proper secret management, and monitoring before going live. Consider a security review if your application handles sensitive user data.

Where can I get help if I run into issues?

Start with the official documentation for each tool mentioned. Stack Overflow and GitHub Issues are good next steps for specific error messages. Community forums and Discord servers for the relevant tools often have active members who can help with setup problems.

Related Articles