Getting Started

How to Share Passwords and Files Securely with Ilusion

A complete step-by-step tutorial on how to generate client-side encrypted links, upload confidential files, and configure self-destructing credentials on Ilusion.

How do I create a secure, self-destructing password link?

To share sensitive passwords or API keys, go to the Ilusion creation page at https://ilusion.io/create. Paste your text, such as SSH keys, database credentials, or environment (.env) files, directly into the "Secure Secret" text input area. Ilusion guarantees that all text inputs are encrypted locally in your web browser with AES-256-GCM through the WebCrypto API before the payload is sent over the internet.

How can I send encrypted files securely alongside my text?

Ilusion allows you to upload and share confidential documents, credentials, or code assets securely. Drag your files into the drag-drop area or click to browse. The browser breaks the files into chunks and encrypts them locally using the same AES symmetric key before uploading them to the cloud. Free accounts support file uploads up to 50MB, while Ilusion Pro accounts allow up to 100MB per secret.
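
The guide says files are split into chunks and encrypted in the browser under the same AES key as the text. The sketch below is an added example, not Ilusion's code: it shows one way to do that with WebCrypto AES-256-GCM. The chunk size, the random per-chunk IV, and the chunk index plus last-chunk flag in the additional authenticated data are all assumptions.

```javascript
// Added example, not Ilusion's implementation. CHUNK_SIZE, the IV scheme and the
// AAD layout are assumptions; the page only states "chunks" and "AES-256-GCM".
const webcrypto = globalThis.crypto ?? require("node:crypto").webcrypto; // fallback for older Node
const subtle = webcrypto.subtle;
const CHUNK_SIZE = 64 * 1024; // assumed chunk size

// Generate a 256-bit AES-GCM key that never leaves the client unencrypted.
function newKey() {
  return subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt", "decrypt"]);
}

// AAD binds each chunk to its position and marks the final chunk, so a
// reordered or truncated upload fails authentication on decrypt.
function aad(index, isLast) {
  const a = new Uint8Array(5);
  new DataView(a.buffer).setUint32(0, index);
  a[4] = isLast ? 1 : 0;
  return a;
}

// data: Uint8Array (file bytes, or TextEncoder output for a text secret).
async function encryptChunks(key, data) {
  const total = Math.max(1, Math.ceil(data.length / CHUNK_SIZE));
  const out = [];
  for (let i = 0; i < total; i++) {
    // Fresh 96-bit IV per chunk: an IV must never repeat under one GCM key.
    const iv = webcrypto.getRandomValues(new Uint8Array(12));
    const plain = data.subarray(i * CHUNK_SIZE, (i + 1) * CHUNK_SIZE);
    const ct = await subtle.encrypt(
      { name: "AES-GCM", iv, additionalData: aad(i, i === total - 1) }, key, plain);
    out.push({ iv, ct: new Uint8Array(ct) }); // ct ends with the 16-byte GCM tag
  }
  return out;
}

// Rejects (throws) if any chunk was modified, reordered, or dropped.
async function decryptChunks(key, chunks) {
  const parts = [];
  for (let i = 0; i < chunks.length; i++) {
    const { iv, ct } = chunks[i];
    const pt = await subtle.decrypt(
      { name: "AES-GCM", iv, additionalData: aad(i, i === chunks.length - 1) }, key, ct);
    parts.push(new Uint8Array(pt));
  }
  const joined = new Uint8Array(parts.reduce((n, p) => n + p.length, 0));
  let off = 0;
  for (const p of parts) { joined.set(p, off); off += p.length; }
  return joined;
}
```

Reusing one key across many chunks is only safe when no IV repeats under that key. With the position bound into each chunk, a storage server that reorders or drops chunks causes a decryption error instead of a silently altered file.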

What is Burn-on-View and how do expiration timers work?

By default, all secrets generated by Ilusion are set to "Burn on View." This means the server immediately destroys the database record the instant the recipient decrypts it. Alternatively, you can configure a time-based Time-To-Live (TTL) using the expiration dropdown. Choose from 5 minutes, 1 hour, 12 hours, 24 hours, or 7 days. Once the chosen expiration limit is reached, the encrypted payload is permanently purged.

How do I add extra protection to my secure links?

If you want to protect your credentials against unauthorized access, toggle "Advanced Controls" on the creation form:

• Custom Passphrase Protection: This adds a second layer of security by requiring the recipient to input a passphrase. The passphrase is typed and verified server-side using a secure SHA-256 hash. Without it, the browser cannot retrieve the encrypted payload.
• IP Address Whitelisting: You can specify particular IP addresses that are allowed to open the link. If an unauthorized IP attempts to fetch the link, the server rejects the request, keeping the secret safe and intact.
