Enterprise Secret Sharing.
Leave Zero Trace.

Stop sending passwords, API keys, and sensitive files over Slack, Jira, or email. GoSecureShare is a 100% on-premise, zero-knowledge vault that gives IT, DevOps, and Security teams complete control over every shared credential — with full audit trails and zero cloud dependency.

lock
AES-256
Encryption Standard
phonelink_lock
TOTP
MFA — Live Now
cloud_off
47
Cloud Dependencies
verified_user
SOC 2
Audit-Ready Logs

The problem with how teams share secrets today

mark_email_unread

Email & Chat

Credentials sit in inboxes and Slack forever, searchable by anyone with access.

cloud_off

Cloud Vaults

Third-party SaaS holds your keys. One breach exposes every client secret.

manage_search

No Audit Trail

Who accessed the secret? When? From where? Most tools cannot answer this.

gpp_bad

Compliance Risk

GDPR, ISO 27001, and SOC 2 require traceable, encrypted data handling.

How It Works

From Secret to Self‑Destruct

Three simple steps. Zero cloud. Your secret travels from creation to destruction entirely on your own infrastructure — leaving no trace.

1
edit_note

Create Secret

Type a password, API key, SSH key, or upload a file. Set an expiry and an optional access PIN.

tune TTL & PIN controls
2
lock

AES-256 Encrypted

The secret is encrypted client-side using AES-256-GCM before it ever touches the database. Keys never leave your server.

encrypted Zero-knowledge vault
3
link

Share the Link

A unique one-time URL is generated. Send it via any channel — email, Slack, Teams. Only the URL holder can decrypt.

share Unique one-time URL
4
link_off

Self‑Destructs 💥

After first view — or on expiry — the secret is permanently deleted. Nothing lingers. Every access is logged.

delete_forever Burn-after-reading
cloud_off 100% on-premise — zero cloud
receipt_long Every access logged with IP & timestamp
timer Secrets expire on first view or TTL

Platform Capabilities

Enterprise Secret Sharing Features for Security Teams

Every feature designed around zero-trust principles, forensic auditability, and full data sovereignty.

lock

AES-256-GCM Encryption

Every secret encrypted client-side before storage. Keys never leave your server. Zero-knowledge by design.

link_off

Burn-After-Reading Links

Secrets self-destruct after first view or a configurable number of views. Nothing lingers.

admin_panel_settings

Role-Based Access Control

Granular RBAC with custom roles. Admins, managers, and viewers each see exactly what they should.

domain

LDAP / Active Directory

SSO via your existing directory. Users authenticate with corporate credentials — no separate account provisioning.

phonelink_lock

TOTP Multi-Factor Auth

Enforce MFA across your organisation. Compatible with Google Authenticator, Authy, and hardware tokens.

fact_check

Forensic Audit Logs

Every access, share, view, and deletion timestamped with IP and user. Immutable. Export-ready for compliance reports.

attach_file

Encrypted File Sharing

Share certificates, SSH keys, PDFs, and config files. Encrypted in transit and at rest, deleted on reveal.

schedule

Expiry & TTL Controls

Set exact expiry dates or retention windows. Automated sweeper purges stale secrets at 00:00 and 12:00 UTC.

database

100% Self-Hosted

Runs on your infrastructure via Docker Compose. No cloud accounts, no telemetry, no vendor lock-in. Your data stays yours.

Why GoSecureShare

Why Choose a Self-Hosted Secret Sharing Platform

shield

Data Sovereignty

Your secrets never leave your network. No third-party ever has access — not even us.

verified_user

Compliance Ready

Audit logs, RBAC, and encryption meet SOC 2, ISO 27001, GDPR, and HIPAA requirements.

rocket_launch

Deploy in Minutes

Single Docker Compose command. No Kubernetes, no cloud accounts, no complex configuration.

Security & Governance

Security Governance & Compliance Controls

GoSecureShare is built from the ground up for regulated industries where auditability and access control are non-negotiable.

groups RBAC & Role Management

  • Custom roles with granular permission sets
  • Namespace-level isolation between teams
  • Principle of least privilege enforced at API layer
  • LDAP group mapping to platform roles

receipt_long Audit & Compliance

  • Immutable audit log — every access timestamped with IP
  • Export-ready for SOC 2 and ISO 27001 reports
  • Retention policy engine with configurable sweep schedule
  • Admin dashboard with live event stream

encrypted Cryptographic Standards

  • AES-256-GCM for all secret content
  • Argon2id password hashing
  • JWT-based session tokens with configurable TTL
  • TLS enforced on all internal service communication

security Authentication

  • TOTP MFA enforcement org-wide
  • LDAP / Active Directory SSO
  • Session invalidation on password change
  • Rate-limited login with brute-force protection

Product Roadmap

GoSecureShare Product Roadmap

Live

v1.0 — Core Platform

AES-256 text secrets, burn-after-reading links, TTL expiry, admin dashboard.

Live

v1.1 — RBAC + Namespaces

Custom roles, namespace isolation, principle of least privilege at API layer.

Live

v1.2 — TOTP MFA

Time-based one-time passwords. Org-wide enforcement. Compatible with all TOTP apps.

Live

v1.3 — Encrypted File Sharing

Upload and share encrypted files. Auto-deleted on reveal or expiry.

Live

v1.4 — LDAP / Active Directory

Native SSO via corporate LDAP and AD. Group-to-role mapping.

In Progress

v1.5 — REST API & Webhooks

Programmatic secret creation. HMAC-signed webhook callbacks for CI/CD pipelines.

Planned

v2.0 — SAML 2.0 & OIDC SSO

Enterprise SSO via Okta, Azure AD, Google Workspace, and any SAML 2.0 provider.

Simple Pricing

GoSecureShare Enterprise Pricing

One plan. Unlimited users. Unlimited secrets. No per-seat tax.

Enterprise Edition

$499 /year

Most Popular
  • check_circle Unlimited users — no per-seat fees
  • check_circle Unlimited secrets & file shares
  • check_circle All features: RBAC, LDAP, TOTP MFA, audit logs
  • check_circle 12 months of updates & priority support
  • check_circle Deploy on your own server in under 5 minutes
Buy Now — $499/yr

Free Trial

$0 / 30 days

  • check_circle Full platform access for 30 days
  • check_circle All enterprise features unlocked
  • check_circle No credit card required
  • check_circle Community support via GitHub
Start Free Trial

Installation

Deploy GoSecureShare in 60 Seconds

One command. No Kubernetes. No cloud account. Works on any Linux server with Docker.

Download the install script

curl -fsSL https://raw.githubusercontent.com/kisa-ops/GoSecureShare/main/install.sh -o install.sh && chmod +x install.sh

Run the installer as root

sudo ./install.sh

Wait 60–90 s, then open your browser

https://<your-server-ip>:8443  # Platform admin https://<your-server-ip>      # Recipient portal

Requires Ubuntu 20.04+ / Debian 11+ / Rocky Linux 8+ · Docker Engine · Ports 443 & 8443 open

FAQ

Frequently Asked Questions

What is GoSecureShare?expand_more

GoSecureShare is a 100% self-hosted, zero-knowledge enterprise secret sharing platform. Deploy it on your own server and share passwords, API keys, SSH keys, certificates, and files securely — with full audit trails and zero cloud dependency.

What is self-hosted secret sharing?expand_more

Self-hosted secret sharing means running the entire platform on your own infrastructure. No data, no encryption keys, and no metadata ever leave your servers. You retain complete control and sovereignty over every shared credential.

Does GoSecureShare integrate with LDAP or Active Directory?expand_more

Yes. GoSecureShare v1.4 ships with native LDAP and Active Directory integration. Users authenticate with their existing corporate credentials, and LDAP groups can be mapped directly to platform roles.

Is GoSecureShare SOC 2 and ISO 27001 compliant?expand_more

GoSecureShare is designed to be SOC 2 and ISO 27001 audit-ready. Immutable audit logs, RBAC, AES-256 encryption, TOTP MFA, and data retention controls provide the evidence trail auditors require.

How is GoSecureShare different from 1Password or Bitwarden?expand_more

Password managers store secrets indefinitely for repeated retrieval. GoSecureShare is designed for secure one-time credential handoff — a burn-after-reading vault. Secrets self-destruct after first view, leaving no trace. Complementary tools, not competitors.

Does GoSecureShare work with CI/CD pipelines?expand_more

A REST API with HMAC-signed webhook callbacks is on the v1.5 roadmap. Once live, pipelines will be able to programmatically create secrets and receive delivery notifications.

Does GoSecureShare ever see my data?expand_more

No. GoSecureShare is 100% self-hosted. We have zero access to your servers, data, encryption keys, or metadata. There is no telemetry, no phone-home, and no cloud account required.

What encryption does GoSecureShare use?expand_more

AES-256-GCM for all secret content and encrypted files. Argon2id for password hashing. JWT tokens for session management with configurable TTL. All internal service communication is TLS-only.

Does GoSecureShare require Kubernetes?expand_more

No. GoSecureShare deploys via a single Docker Compose command on any Linux server. No Kubernetes, no Helm charts, no cloud provider. If your server runs Docker, it runs GoSecureShare.

How much does GoSecureShare cost?expand_more

GoSecureShare Enterprise Edition is $499 per year — unlimited users, unlimited secrets, 12 months of updates and priority support. A 30-day free trial is available with no credit card required.

Get Started

Ready to Secure Your Credentials?

Purchase a licence or start your 30-day free trial. No credit card required. Deploy in minutes on your own infrastructure.

Questions? Email contact.us@gosecureshare.com