TATER Vault — One-Time Send

What it is

One-time Send lets you share a sensitive value — a password, an API key, a recovery code, a private note — with anyone (even people who don't use TATER) via a self-destructing link. The secret is encrypted in your browser before it leaves your device, and the decryption key travels only inside the link. TATER's servers store the ciphertext but never the key, so we literally cannot read what you sent. After the recipient views it the allowed number of times, or the link expires, the secret is permanently destroyed.

How it works (zero-knowledge)

1. Your browser generates a one-time AES-256 key and encrypts the secret with it.
2. Only the ciphertext + your view/expiry settings are sent to TATER. The key never is.
3. TATER returns a link of the form vault.tatersecurity.com/send.html#<id>.<key>. The part after the # (the fragment) is the key — browsers never transmit the fragment to any server.
4. The recipient opens the link; their browser fetches the ciphertext and decrypts it locally with the key from the fragment.
5. Each view consumes one of the allowed views. When they run out — or the expiry passes — TATER deletes the ciphertext.

Creating a Send

1. Open TATER Vault and click 📤 Send.
2. Paste the secret, then set:
   • Views — how many times it can be revealed (default 1).
   • Expires (hours) — auto-destroys after this long even if never viewed (default 7 days, max 30).
   • Label (optional) — a hint shown to the recipient (e.g. "WiFi password").
   • Password (optional) — an extra gate the recipient must enter. Stored only as a hash.
3. Click Create link, then Copy link and share it however you like.

Important: the decryption key exists only in the link. TATER cannot recover it — if you lose the link before the recipient opens it, the secret is gone.

Managing & burning sends

The Send dialog lists your active sends with their remaining views and expiry. Click Burn to destroy any send immediately. Sends also auto-expire server-side and are purged after expiry.

Security notes

• Zero-knowledge — encryption/decryption happen only in the browser. TATER stores ciphertext, never the key or plaintext.
• View-once enforced server-side — the server counts views and deletes the ciphertext when exhausted, so it can't be re-fetched.
• Optional password — stored as a SHA-256 hash and compared in constant time.
• Rate-limited public endpoints — the recipient-facing endpoints are throttled and never reveal whether a given send id exists.
• Anyone with the full link can view the secret — treat the link itself as the secret and share it over a trusted channel.