S SecureShare Download app

Share account access without sending the password.

SecureShare creates encrypted local packages and bearer import links. Recipients import access into the desktop app, then launch controlled sessions with expiry, launch limits, and domain policy.

Try desktop app See workflow

Local-first
Encrypted packages
No password reveal UI

Owner Vault

Example CRM

secret stored

Access Package

example-crm.secureshare

expires in 7 days

Recipient Access

Anyone with link

Audit Trail

package exported

session launched

Create access

Pick an account and set expiry, launch count, recipient label, and allowed domains.

Send link or file

Export an encrypted `.secureshare` package and a bearer import link for the recipient.

Import locally

The recipient imports the package into their desktop app without seeing raw credentials.

Launch session

Credentials decrypt only inside the app for controlled browser injection.

Available now

Built for local, time-limited access sharing.

Local vault records
Encrypted .secureshare packages
Bearer import links
Expiry and launch limits
Allowed-domain policy
Recipient non-disclosure UI
Controlled browser sessions
Local audit trail

Security model

Honest protection boundaries.

SecureShare prevents normal UI disclosure and casual package inspection. In the current bearer-link model, anyone with the full package and secret link can import access until policy blocks it.

This milestone does not claim impossible extraction.

A malicious recipient who controls their machine may still attack memory, app code, or the target website. Recipient-device pairing and OS keychain storage are planned hardening steps.

Upcoming features

Next hardening pass.

Recipient device pairing
OS keychain storage
Signed installers
Revocation receipts
Owner-side audit return
Team policy profiles
Passkey/session-token support

Download SecureShare desktop.

Choose the installer for your platform. The protected workflow runs in the desktop app.

Desktop downloads are packaged and ready for release hosting. Public download links will appear here once binary hosting is enabled.

Changelog

Unreleased

Added

Unlimited time and unlimited-use policy options for local shares and exported access packages.

0.1.0 - 2026-06-12

Added

Electron + Vue desktop app for local-first account access sharing.
Owner Vault for local account records.
Encrypted `.secureshare` package export using AES-256-GCM and `scrypt`.
Bearer import links for local package sharing.
Recipient Access import flow with no raw credential display.
Controlled browser sessions with allowed-domain checks.
Expiry and launch-limit policy enforcement.
Local audit trail for package, session, navigation, and injection events.
Static hostable landing page with product workflow, features, upcoming features, and security boundaries.
Local demo login page for validating credential injection.

Security Notes

This release uses a bearer-link model: anyone with the full package and secret link can import access until local policy blocks it.
SecureShare prevents normal UI disclosure and casual package inspection, but it does not claim impossible extraction on a malicious recipient-controlled device.

Upcoming

Recipient device pairing.
OS keychain storage.
Signed installers.
Revocation receipts.
Owner-side audit return.
Team policy profiles.
Passkey/session-token support.