
ShareOTP documentation

Learn how to set up a workspace, share TOTP access safely, and keep every code event audit-ready.

Quickstart

Get operational in minutes

A fast path from signup to secure code sharing. Follow these steps to launch your vault.

01

Create your workspace

Sign up with your organization name and verify your email to activate the workspace.

02

Invite the team

Admins can invite teammates, assign roles, and track pending invites. Invite links expire after 7 days.

03

Add TOTP accounts

Add accounts by pasting a Base32 secret or uploading a QR code. Issuer and tags keep the vault searchable.

04

Share and use codes

Grant per-account access so members can reveal and copy codes without seeing the underlying secrets.


Core concepts

Understand the building blocks

ShareOTP keeps access simple by separating vaults, accounts, permissions, and audits.

Vault

The vault is the shared list of TOTP accounts. Members only see accounts explicitly granted to them.

Accounts

Each account stores an issuer, name, and tags. Codes refresh every 30 seconds and stay masked until revealed.

Permissions

Access is view-only today. Admins grant or revoke access per account, and members can only reveal codes.

Audit log

Sensitive actions like code views, copies, account changes, and access updates are recorded for review.

Vault & codes

Reveal only what you need, when you need it

The vault keeps every TOTP account organized while protecting the underlying secrets. Members can reveal time-based codes on demand and copy them with a single click.

Search by name, issuer, or tag to locate an account fast.
Codes stay masked until you click Reveal, then auto-hide after they expire.
Countdown timers show how long each code is valid.

Member checklist

Find what you need

Search by name, issuer, or tag to locate the right account.

Reveal and copy

Click Reveal to show the current code. Use Copy to send it to your clipboard. Codes auto-hide after they expire.

Stay organized

Tags and issuers help you scan the vault quickly.

Admin controls

Keep ownership with clear admin workflows

Admins can manage accounts, permissions, and billing without distributing sensitive secrets.

Account lifecycle

Create, edit, and retire accounts without exposing secrets.

Add accounts via Base32 secret or QR code upload (decoded in-browser).
Edit issuer, name, or tags to keep your vault organized.
Export a secret when you need to back up or rotate credentials.
Delete accounts only after confirming downstream access changes.

Sharing access

Grant access quickly while keeping permissions explicit.

Use the share menu on any account to grant or revoke access.
Bulk-share to multiple users when onboarding new teammates.
Admins can view all accounts and manage access in real time.

Users and billing

Keep seats, invites, and plan limits in sync.

Invite users by email and monitor pending invites.
Seat limits count active users and open invites.
Audit retention and seat limits depend on your plan.

Security

Security-first by default

ShareOTP is designed to keep secrets locked while still enabling fast access.

Encryption

Secrets are encrypted at rest and are never shared directly with members.

Controlled access

Admins assign per-account permissions so members only see what they are granted.

Audit-ready

Every sensitive action is logged for compliance, investigation, and reporting.

Security checklist

Secrets are encrypted at rest and in transit.
TOTP codes are generated server-side and delivered only to authorized users.
QR decoding happens in the browser so images are never uploaded.
Audit logs capture code views, copies, account changes, and access events.
CSRF protection and login rate limiting protect sensitive actions.
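
The reveal flow described above (Base32 secret kept server-side, per-account grant check, 30-second code, audit entry) as an added sketch; this is not ShareOTP's code. The Vault class, the audit event names, the 6-digit HMAC-SHA-1 parameters (RFC 6238 defaults) and the in-memory storage are assumptions for illustration.

```python
import base64, hashlib, hmac, struct, time

PERIOD = 30  # from the page: codes refresh every 30 seconds
DIGITS = 6   # assumption: RFC 6238 default, not stated on the page

def decode_secret(pasted: str) -> bytes:
    """Normalize a pasted Base32 secret: spaces, dashes, case, missing padding."""
    s = pasted.replace(" ", "").replace("-", "").upper().rstrip("=")
    if not s:
        raise ValueError("empty secret")
    s += "=" * (-len(s) % 8)
    return base64.b32decode(s)  # raises binascii.Error (a ValueError) on bad input

def totp(key: bytes, now: float) -> str:
    """RFC 6238 code for the time step containing `now` (HMAC-SHA-1)."""
    counter = struct.pack(">Q", int(now) // PERIOD)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

class Vault:
    """Hypothetical in-memory model; a real service encrypts keys at rest."""
    def __init__(self):
        self._keys = {}        # account -> raw key, never returned to callers
        self._grants = set()   # (user, account) pairs
        self.audit = []        # append-only list of event tuples

    def add_account(self, account, pasted_secret):
        self._keys[account] = decode_secret(pasted_secret)
        self.audit.append(("account_created", account))

    def grant(self, user, account):
        self._grants.add((user, account))
        self.audit.append(("access_granted", user, account))

    def reveal(self, user, account, now=None):
        now = time.time() if now is None else now
        if (user, account) not in self._grants:
            self.audit.append(("code_view_denied", user, account))
            raise PermissionError("no grant for this account")
        self.audit.append(("code_view", user, account))
        # Only the short-lived code and its remaining lifetime leave the server.
        return {"code": totp(self._keys[account], now),
                "expires_in": PERIOD - int(now) % PERIOD}
```

The response carries only the code and its remaining validity, so a member who loses access keeps nothing that can generate future codes.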

API

Public API for automation

Integrate ShareOTP with internal tooling using admin-issued API keys. View the full API documentation and OpenAPI spec.

FAQ

Answers to common questions

Why can't I see a specific account?

Only accounts explicitly granted to you appear in the vault. Ask an admin to grant access if something is missing.

What if an invite link expires?

Invite links expire after 7 days. Admins can resend invites from the Users page.

A QR code won't decode. What should I do?

Try uploading a clearer image or paste the Base32 secret directly in the Add account flow.

How long are audit logs retained?

Retention depends on your plan. Check Organization settings for the current retention window.

Support

Need help?

Reach the ShareOTP team at [email protected] and we will get back to you quickly.
