Secure file sharing
Email attachments fail on large files, leak into inboxes forever, and bypass your access controls. A better approach combines encrypted transfer links, short expiring URLs, and discipline about what you share in the first place. This guide walks through sharing contracts, design assets, and logs with clients or teammates using SlashGit's transfer and link tools — without routing sensitive data through personal Gmail or public paste bins.
Step 1: Classify what you are sending
Before uploading anything, label the sensitivity: public (marketing assets), internal (drafts), or confidential (contracts, credentials, PII). Confidential files should never use permanent public links. If the recipient only needs to view a document once, prefer a time-limited transfer over a shared Drive folder with indefinite access.
Remove metadata you do not intend to share: author names in PDF properties, GPS data in photos, and hidden sheets in Excel exports. For screenshots of configs, redact API keys even if you plan to rotate them — assume screenshots end up in ticket systems indefinitely.
Step 2: Upload via secure file transfer
Open File Transfer and drag your file into the uploader. The tool generates a unique download link you can share with the recipient. Prefer the shortest practical expiry window — 24 hours for one-time deliveries, seven days for client review cycles. Longer windows increase the chance a forwarded link outlives the relationship that justified access.
For bundles larger than a single attachment, zip related files with a clear filename (acme-contract-v3-signed.zip) so support threads stay searchable. The transfer page includes a QR code option useful when sharing links in person or on video calls without pasting long URLs into chat.
Step 3: Shorten links without losing control
Raw transfer URLs are long and ugly in SMS or Slack. Run the link through the URL Shortener to produce a compact slashgit.com short link that still resolves to your secure download. Short links are easier to read aloud on calls and fit character limits on Twitter/X.
Document internally which short link maps to which client and expiry. When a project closes, revoke access by letting the transfer expire rather than leaving dormant links in old messages. If your workflow requires password protection, deliver the password on a separate channel (phone or Signal), never in the same email as the link.
Step 4: Encode secrets safely when you must share text
Sometimes you need to share a short secret — an API key for staging, a webhook signing string — between two developers. Avoid Slack DMs for plaintext secrets. If you must send encoded text, use the Base64 Encoder only as transport obfuscation, not encryption, and pair it with an expiring transfer or in-person handoff. Rotate the credential immediately after it reaches the recipient.
Never commit .env files to git, never attach them to tickets, and never upload them to anonymous file hosts. Environment files belong in a secrets manager; file transfer is for documents and artifacts, not production credentials.
Step 5: Verify delivery and clean up
After sending, ask the recipient to confirm download success within the expiry window. If they miss the window, generate a fresh link rather than extending old ones indefinitely — each new link should be a deliberate decision. Delete local copies of highly sensitive files from your Downloads folder once the task completes.
For recurring client deliveries (monthly reports, creative exports), use a naming convention and the same transfer tool each time so recipients know what to expect and phishing links stand out. Consistency is a security feature.
Step 6: Build team habits
Add these rules to your onboarding doc: no confidential attachments in email, default to File Transfer with expiry, use URL Shortener only for links you are willing to log internally, and treat Base64 as a last resort. Review shared links quarterly in client channels and remove anything past its useful life.
Secure sharing is less about exotic encryption and more about reducing exposure time, limiting audience, and using tools designed for temporary delivery. SlashGit's transfer and shortener stack fits that model without forcing recipients to create accounts or install desktop clients.