Documentation

How to use 1hm.net

01
Create a secret
Go to the homepage, pick a content type (plain text, source code, password, or token), then paste your content — up to 1 MB. For source code, choose a language or leave it on auto-detect for syntax highlighting.
02
Choose an expiry mode
Once — destroyed atomically after the first successful view. 7 days — viewable any number of times, then deleted automatically. Forever — stays until you delete it yourself (requires a free account).
03
Add an access password (optional)
Enable "Password protect" to require a password before the secret can be revealed. Share the password through a different channel than the link itself — e.g. link via email, password via chat.
04
Share the link
Click "Generate link" and send the URL to your recipient. Links look like https://1hm.net/s/aB3xK9… — safe to paste into chat apps, because the secret is never exposed to link-preview crawlers.
05
Recipient reveals the secret
The recipient opens the link and clicks "Reveal". For one-time secrets this permanently destroys the content on our servers — refreshing the page afterwards shows nothing. Copy it before closing the tab.

Limits

📦
Content size
Up to 1 MB per secret — enough for config files, SSH keys, certificates, and most source files.
⏱️
Rate limits
Anonymous: 10 secrets per hour per IP. Signed-in: 100 secrets per hour. View attempts are also rate-limited to slow down brute-force guessing of links and passwords.
👤
Account quota
Free accounts include 100 secrets. Signing up also unlocks the dashboard — see status, view counts, and delete secrets manually at any time.

FAQ

Can I recover a secret that was already viewed?
No. One-time secrets are destroyed at the database level the moment they're revealed. There is no undo, no backup, no admin override — that's the point.
What if I sent the link to the wrong person?
If it hasn't been viewed yet and you have an account, delete it from your dashboard. Anonymous secrets can't be recalled — treat the link itself as the secret.
Will opening the link in a chat app preview burn my secret?
No. Revealing requires a human click plus a CSRF token, so crawlers from Telegram, Slack, Zalo, and similar apps can't consume it. See the Security page for details.
Is there an API?
Not yet — a token-based REST API is planned. It will appear on this page when it ships.
Tip: for anything truly sensitive, combine a one-time secret with an access password, and send the password over a different channel than the link.