Password sharing

PassAgent uses envelope encryption for secure credential sharing. When you share a password, a per-item encryption key is wrapped with the recipient’s RSA-OAEP public key. The recipient decrypts the key with their private key and accesses the credential — the server never sees the plaintext.

Direct share

Share with a specific PassAgent user by email. The credential is encrypted with their public key.

Group share

Share with a group of users. Each member gets an individually encrypted copy of the item key.

Permissions

Each share includes a permission level:

Permission	Can view	Can copy	Can edit	Can reshare
View	Yes	No	No	No
Use	Yes	Yes	No	No
Edit	Yes	Yes	Yes	No
Admin	Yes	Yes	Yes	Yes

Beyond static credential sharing, PassAgent supports session sharing — sharing an authenticated browser session without revealing the underlying password.

Capture session

PassAgent captures cookies and session tokens from an authenticated browser tab.

Create share link

A time-limited, encrypted share link is generated. The recipient can use the link to access the authenticated session.

Access session

The recipient opens the link in a sandboxed browser environment. They interact with the service as if logged in, but never see the password.

Session shares have configurable expiration times and can be revoked at any time. The underlying password is never exposed to the recipient.

Audit trail

Every share action is logged:

Who shared what, with whom, and when
Permission level granted
When the share was accessed or revoked
IP address and device information

Navigate to Dashboard > Security to view the full audit log.

Core

Platforms

Advanced

AI and automation

Direct share

Group share

Permissions

Audit trail

Core

Platforms

Advanced

AI and automation

​How sharing works

​Sharing methods

Direct share

Group share

​Permissions

​Session sharing

​Audit trail

How sharing works

Sharing methods

Permissions

Session sharing

Audit trail