Securely transfer server login details, root passwords, or admin access to team members.
A Linux server password is the loudest credential a sysadmin handles. Whoever types the right string at a getty or sshd prompt becomes that account, and if the account is root or sits in a permissive sudoers file, the holder owns PID 1, /etc/shadow, and the daemon that decides who else gets in. Debian 12 and RHEL 9 still ship password login for break-glass paths.
Pasting these passwords into Slack or Confluence is what fills incident retros. Slack Enterprise Grid retains DMs in workspace exports, Confluence keeps prior page versions intact unless an admin purges history, and ITSM tickets bind the credential to the recipient for the lifetime of the record. Worse, the same string is usually accepted by every host bound to the same FreeIPA realm or LDAP/AD bind.
PasteOnce sits at the moment a fresh credential leaves a HashiCorp Vault `kv-v2` path or a CyberArk safe and has to land in a teammate's terminal. The link is read once, the ciphertext disappears, and the password should be rotated as soon as the recipient confirms — via `passwd`, `chage -d 0`, or an Ansible run.
Client-side encrypted. We can't see your data.
Your data is encrypted in your browser before it leaves your device.
Messages are automatically deleted after being read once.
We never see your data. Only encrypted blobs pass through our servers.
Links work exactly once. Refresh the page and it's gone forever.
Your sensitive data is encrypted in your browser using AES-256-GCM. The encryption key is generated randomly and never sent to our servers.
Only the encrypted blob is stored in our database, with an automatic expiration time. We literally cannot read your data.
When your recipient opens the link, the encrypted data is fetched and immediately deleted from our servers using an atomic Redis GETDEL. The key in the URL hash decrypts the message in their browser.
Run `useradd -m -G wheel contractor_alice` and grant a scoped sudoers fragment via `/etc/sudoers.d/alice` with `Cmnd_Alias` restrictions. PasteOnce the bootstrap password, force `chage -d 0` so first login triggers a `passwd` reset, then `userdel -r` at engagement end.
Run a jump host with Teleport, HashiCorp Boundary, or `sshd` plus `auditd` rules logging every `execve`. Internal hosts accept only connections from the bastion's address. A leaked password forces the attacker through that chokepoint, where `tlog-rec-session` captures keystrokes.
On AWS set `HttpTokens=required` via `aws ec2 modify-instance-metadata-options`; on GCP disable legacy metadata with `--metadata=disable-legacy-endpoints=true`. Pair with instance roles whose STS sessions expire in an hour, so a shelled host cannot mint a long-lived AWS principal.
Keep an Ansible playbook calling `ansible.builtin.user` against a value pulled from `community.hashi_vault.vault_kv2_get`. After a handoff or leak, run it across the inventory, watch `auth.log` for `password changed for root` entries, and diff `/etc/shadow` mtimes.
PagerDuty fires because `lastb` shows hundreds of failed logins from a residential ASN and one success against root. The on-call manager PasteOnces the rotated password from Vault to the senior SRE, who runs the playbook across 240 hosts.
A monitoring contractor needs ten days of sudo on one Grafana host. The team scopes `/etc/sudoers.d/grafana_ops` to specific `systemctl restart grafana-server` commands, PasteOnces the bootstrap password with a 6-hour TTL, and sets `chage -d 0` for first login.
A bare-metal host in a Hetzner cabinet has lost its network. A remote-hands tech needs the iLO/IPMI BMC password — the BMC sits on an out-of-band VLAN with no SSO. PasteOnce delivers the string; ops rotates via `ipmitool user set password`.
An automation run pushes a malformed sudoers file and locks operators out of `sudo`. The senior holding the recovery root password PasteOnces it so two pairs of eyes drive the `pkexec visudo` rollback; the password is rotated and re-sealed afterward.
Only as a break-glass path. Steady-state access should ride federated SSH certificates or Teleport short-lived certs. The root password exists for the day SSO is down or `sssd` cache has expired on a recovering host — on that day, PasteOnce beats chat.
Run `grep 'Failed password' /var/log/auth.log | awk '{print $11}' | sort -u` to surface unfamiliar source IPs, then check `lastb -F` for successful breaks. On systemd hosts, `journalctl _SYSTEMD_UNIT=sshd.service | grep Accepted` shows successful logins — anything outside your operator pool is the signal.
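The triage above as a script, added here as an illustration and not part of PasteOnce or the original page. It goes one step further than the one-liner by pairing failures with later accepted logins from the same source. The function names, the failure threshold, the operator allowlist and the sample log lines are all constructed assumptions.

```shell
#!/bin/sh
# Constructed sample in Debian auth.log format (documentation-range IPs).
sample_log() {
cat <<'EOF'
Mar  3 02:14:01 web01 sshd[4101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 02:14:03 web01 sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Mar  3 02:14:05 web01 sshd[4103]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 02:14:09 web01 sshd[4107]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Mar  3 08:30:12 web01 sshd[5220]: Failed password for deploy from 192.0.2.10 port 40022 ssh2
Mar  3 08:30:20 web01 sshd[5220]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 09:02:44 web01 sshd[5301]: Failed password for invalid user test from 198.51.100.23 port 33811 ssh2
EOF
}

# Shared awk helper (hypothetical name): sets ip and user from
# "... <user> from <ip> port ...", scanning from the end of the line.
SRC_FN='
function src(   i) {
  for (i = NF; i > 3; i--)
    if ($i == "port" && $(i-2) == "from") { ip = $(i-1); user = $(i-3); return 1 }
  return 0
}'

# Unique sources of failed password attempts. Field 11 is not used because
# on "invalid user" lines it holds the username, not the address.
failed_sources() {
  awk "$SRC_FN"' / Failed password for / && src() { print ip }' | sort -u
}

# Accepted logins to review: source outside the operator allowlist, or
# preceded by at least $1 failures from that source. Remaining args: allowlist.
suspicious_accepts() {
  min=$1; shift
  awk -v min="$min" -v allow=" $* " "$SRC_FN"'
    / Failed password for / && src() { fails[ip]++ }
    / Accepted [^ ]+ for / && src() {
      known = (index(allow, " " ip " ") > 0)
      if (!known || fails[ip] >= min + 0) {
        for (j = 1; j < NF; j++) if ($j == "Accepted") method = $(j+1)
        printf "%s %s %s failures=%d known=%d\n", ip, user, method, fails[ip], known
      }
    }'
}
```

Against a live host, feed the functions from the log instead of the sample, for example `failed_sources < /var/log/auth.log`.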
Drive rotation from configuration management. Ansible's `user` module with a Vault-backed lookup gives an idempotent run and a clean diff in `/etc/shadow`. Follow with `pkill -KILL -u root` on each host to terminate any sessions the old password established.
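A post-rotation check for the Ansible runs described above, added here as an example and not taken from PasteOnce or any playbook on the page. Instead of comparing file mtimes it reads the per-account last-change field (third field of `/etc/shadow`, in days since 1970-01-01), which is also the field `chage -d 0` sets to 0. The function names, the cutoff value and the sample entries are constructed.

```shell
#!/bin/sh
# Constructed shadow-format sample; the hashes are placeholders.
sample_shadow() {
cat <<'EOF'
root:$y$j9T$CONSTRUCTED$HASH:19790:0:99999:7:::
deploy:$y$j9T$CONSTRUCTED$HASH:19600:0:99999:7:::
contractor_alice:$y$j9T$CONSTRUCTED$HASH:0:0:99999:7:::
svc_backup:!:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
EOF
}

# Classify each password-bearing account against a cutoff day ($1, days since
# the epoch). With GNU date: $(( $(date -u -d 2024-03-03 +%s) / 86400 )) is 19785.
rotation_status() {
  awk -F: -v cutoff="$1" '
    $2 ~ /^[!*]/     { next }                             # locked: nothing to rotate
    $2 == ""         { print $1, "empty-password"; next } # login without a password
    $3 == ""         { print $1, "unknown"; next }        # no last-change recorded
    $3 == 0          { print $1, "must-change"; next }    # chage -d 0 was applied
    $3 < cutoff + 0  { print $1, "stale"; next }          # changed before the rotation
                     { print $1, "rotated" }'
}

# Succeeds only when no account is stale, passwordless or undated,
# so it can gate the end of a rotation run.
rotation_complete() {
  ! rotation_status "$1" | grep -Eq ' (stale|empty-password|unknown)$'
}
```

Reading the real file needs root, for example `sudo cat /etc/shadow | rotation_status 19785`.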
No — PasteOnce is a transport, not a vault. The canonical copy belongs in HashiCorp Vault, 1Password Business, or CyberArk PAM, with audit logging on every read. PasteOnce is the moment you pull a value out of the vault to hand to a human.