One-time mode: the encrypted payload is stored briefly in Redis and deleted atomically on first open.
The decryption key remains client-side in the URL fragment (or shared passphrase).
Create secret link
View secret
Opening consumes the secret once the key proof validates. An incorrect passphrase does not consume the secret.
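The open-once behaviour described above, sketched as an added example (not this service's own code). Assumptions: an in-memory dict guarded by a lock stands in for Redis, the key proof is an HMAC under a PBKDF2-derived key, and the names `OneTimeStore`, `key_proof` and the status strings are hypothetical. Encryption itself is left out; the server only ever holds opaque ciphertext.

```python
import hashlib, hmac, secrets, threading, time

class OneTimeStore:
    """In-memory stand-in for Redis: TTL plus an atomic verify-and-delete."""
    def __init__(self):
        self._items = {}
        self._lock = threading.Lock()  # stands in for Redis running a script atomically

    def put(self, ciphertext, proof, ttl=600, now=None):
        sid = secrets.token_urlsafe(16)
        expires = (time.time() if now is None else now) + ttl
        with self._lock:
            # Keep only a hash of the proof; the key and passphrase never arrive here.
            self._items[sid] = (ciphertext, hashlib.sha256(proof).digest(), expires)
        return sid

    def open(self, sid, proof, now=None):
        now = time.time() if now is None else now
        with self._lock:  # lookup, proof check and delete happen as one step
            item = self._items.get(sid)
            if item is None:
                return "gone", None
            ciphertext, proof_hash, expires = item
            if now >= expires:
                del self._items[sid]
                return "gone", None
            if not hmac.compare_digest(hashlib.sha256(proof).digest(), proof_hash):
                return "bad_proof", None  # wrong passphrase: record stays stored
            del self._items[sid]  # consumed exactly once
            return "ok", ciphertext

def key_proof(passphrase, salt):
    """Client side: the proof is a one-way function of the key, not the key itself."""
    key = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 200_000)
    return hmac.new(key, b"key-proof-v1", hashlib.sha256).digest()

def demo():
    store, salt = OneTimeStore(), b"constructed-salt"  # constructed sample values
    sid = store.put(b"<opaque ciphertext>", key_proof("correct horse", salt))
    tries = ("wrong", "correct horse", "correct horse")
    return [store.open(sid, key_proof(p, salt))[0] for p in tries]

if __name__ == "__main__":
    print(demo())
```

Because a wrong proof leaves the record in place, the proof check in a design like this can be retried until expiry, so it is worth rate-limiting per secret id.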