Show HN: iKrypt – send a secret once (the key never hits our server)

I built iKrypt after realizing how often passwords, API keys, and other sensitive info still get shared over Slack DMs or email with “I’ll delete it later”.

iKrypt is a zero-knowledge, one-time secret sharing tool:

- Secrets are encrypted in the browser - The server stores only ciphertext - The decryption key lives only in the URL fragment (never sent to the server) - Links expire by time or view count - Optional email notification when a link is first opened

This is intentionally not a password manager or vault — it’s for quick, one-off handoffs where you don’t want sensitive data living forever in chat history.

Built with:

Next.js (App Router) Web Crypto (AES-GCM) Server-side expiry & view enforcement

Live here: https://ikrypt.com

Would love feedback on:

the encryption model

wording/claims around “viewed vs opened”

whether this solves a real problem for you, or what’s missing

Thanks for checking it out