Client-side Encryption

Zero traces.
Pure control.

Duck Calls wraps OneTimeSecret into a command deck. Spin up self-destructing links and pull them exactly once without shipping new backend code.

Launch secret flow View Documentation

Region Sanity Check

Ping status endpoints to verify your edge connection.

200 OK < 90ms
Select Region
Method
POST /share
$ curl https://us.onetimesecret.com/v1/status READY

Secret Flow Command Deck

Trigger share links, configure TTL windows, and manage passphrases from one cockpit. Everything runs in-browser for GitHub Pages deployment.

Create a One-Time Secret

Authenticate when available to unlock higher limits. Duck Calls uses Basic Auth only in your browser session.

Waiting for payload.

Retrieve a Secret

Only one retrieval attempt is allowed per secret key. If a passphrase was set, include it to unlock the payload.

Ready to decrypt.

Security Briefing

Duck Calls is fully client-side for GitHub Pages deployment. Secrets and API credentials remain in your browser session only. For production workflows, prefer authenticated requests and region-specific endpoints.

Data locality

Use regional endpoints (US/EU) to satisfy compliance and latency requirements.

Single view only

Each secret burns after the first retrieval. Share links once.

Optional passphrases

Add a passphrase to secure sensitive payloads beyond the share URL.

Duck Calls is powered by OneTimeSecret and tailored for the Daren Prince platform. Visit the official REST API docs for the latest endpoint guidance.