Secret sharing with Phase Lockbox

Sunday, March 10, 2024


You can now securely share secrets with users outside of your team with Phase Console's Secret Sharing feature: Lockbox. Secrets shared with Lockbox are encrypted with zero-trust encryption, and can only be accessed and views using the link. You can set a custom expiry policy for the link based on either number of views or a fixed expiry time.

Users sometimes need to share a single secret with a user who isn't on Phase or not in their Organisation. Rather than using insecure channels such as Slack or email, you can now create a secure link to share secrets with members in your team without having to invite them to join your Organisation in Phase.

Sharing a Secret

To share a Secret from the Phase Console, simply click the "Share" icon. This will bring up a dialog with a text box for you to customize, pre-filled with the secret values. You can set a custom expiry policy for each Lockbox link that you create, based on either a maximum number of allowed views, or a fixed expiry date.

create link

Clicking "Generate link" will asymmetrically encrypt this Secret with a one-time-use key, and provide you a link that you can copy and share with the recipient. The link contains a unique id as well as the key for decryption encoded in the URL Fragment. The key is only parsed client-side by the browser and never transmitted to the server.

copy link

Viewing a Secret shared with Phase Lockbox

Clicking the link will show the recepient the number of allowed views as well as the expiry time remaining. Clicking "View Secret" will decrypt and display this Secret, and increment the number of views.

open link

view secret

Secret sharing with Phase Lockbox is now live on Phase Cloud and available in v2.14.0.


The fastest and easiest way to get started with Phase. Spin up an app in minutes. Hosted in Frankfurt 🇩🇪


Run Phase on your own infrastructure and maintain full control. Perfect for customers with strict compliance requirements.