Loading...
Loading...
Securely transfer database connection strings and passwords. Self-destructs after one read.
A database connection string is the highest-blast-radius credential most engineers handle on a normal day. The string postgres://admin:password@host:5432/db grants the holder the ability to read every row, drop every table, and (with replication slots) extract the entire history of changes — all without leaving a trace in the application's audit log.
When an attacker compromises a database connection string, the typical playbook is fast: dump tables to S3, drop or encrypt them in place, and post a ransom note in a new table. Backups do not always save you — well-funded attackers will probe for the backup credentials in the same paste, or wait until backups roll off retention.
PasteOnce fits the narrow window between 'this DBA needs read access for the next two hours' and 'we have a proper VPN and IAM auth in place.' Treat it as the handoff layer, not the steady-state access mechanism — and rotate the password the moment the engagement ends.
Client-side encrypted. We can't see your data.
Your data is encrypted in your browser before it leaves your device.
Messages are automatically deleted after being read once.
We never see your data. Only encrypted blobs pass through our servers.
Links work exactly once. Refresh the page and it's gone forever.
Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.
Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.
When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.
Do not share the admin user's connection string. Create a per-engagement role with only the schemas and tables the recipient needs, ideally read-only.
Add the recipient's IP to the database firewall rules before sending the link, and remove it the moment the engagement ends. Even a leaked string becomes useless from any other source.
Modern managed databases let you authenticate via short-lived IAM tokens instead of static passwords. The ideal handoff is an IAM grant, not a string at all — but PasteOnce remains the right answer for the bootstrap of the IAM credential itself.
Even if you trust the recipient, rotate the password (or revoke the role) when their work is done. This makes credential leaks bounded in time even if you missed something else.
You hire a DBA for a one-week query-tuning engagement. Create a read-only role on the replica, IP-allowlist their static IP, PasteOnce the connection string, and revoke the role when they hand off the report.
New backend hire needs to seed local development against staging data. PasteOnce the staging connection string with a scoped, read-only role; the developer copies it into their local secret manager and the link is gone.
A security incident requires your forensic responder to query the production database directly. PasteOnce the credentials with a created-for-incident superuser, document the access in your incident timeline, and rotate when the incident is closed.
A VPN plus IAM auth is the right long-term answer. PasteOnce covers the handoff that still has to happen — issuing the VPN credential, bootstrapping the IAM grant, or reaching the database in scenarios where a VPN is not yet provisioned.
Almost never. Create a per-engagement role with the minimum permissions needed, share that, and drop the role when done. Sharing the admin user is reserved for genuine emergencies — and even then, rotate the admin password afterwards.
Tighten the firewall to the recipient's IP before you share, and tighten back after. A connection string only works if the network path is open.
No. Encryption happens entirely in your browser before the request leaves your device. We see only an opaque encrypted blob, with no way to derive the original string.