Hey Hunters, it's Aleks!

I run a software development agency. Every week, it's the same story: a client needs to send us database credentials, a freelancer asks for API keys, or we need to hand off config files to a new team member.

And every time, someone just pastes it in Slack.

Or emails it.

Or drops it in a Google Doc called "stuff for dev."

We all know it's wrong. But the secure alternatives were always too heavy. Vault setups, CLI tools, enterprise platforms that require everyone to create an account and read a manual first.

I wanted something dead simple: upload files, share a link, done. But actually encrypted. Not "we promise we're secure" encrypted — encrypted in the browser before anything touches a server.

So I built SecretDrop.

It started as a weekend project for my own agency. Password-protected links with client-side AES-256-GCM encryption. No recipient account needed. The server literally cannot read your files.

Then I kept running into one more problem: for teammates and long-term collaborators, sharing passwords felt redundant. They already have accounts. Why can't I just send it directly to them?

So I built E2E Direct Transfer. Select a recipient by email, files get encrypted with their public key, only they can decrypt. No passwords. No shared secrets. Sender identity verified with digital signatures.

The whole thing is built on WebCrypto standards. No third-party crypto libraries. Private keys never leave the browser unencrypted.

I built this for myself first. Turns out every developer, freelancer, and agency has the exact same problem.

If you've ever pasted a secret somewhere you shouldn't have, this is for you.

Checkout SecretDrop, we have a Free Tier available which will already make your workflow more secure or use the Code "PH40" to get 40% off.

Cheers!

Or emails it.

SecretDrop

Encrypted file sharing for developers.

Encrypted file sharing for developers.