Skip to main content

Creating Secure Links

SHIELD allows you to create secure, access-controlled links for files and messages. This guide covers all the options and best practices.

Content Types

SHIELD supports two types of content:
Upload any file type: images, documents, videos, archives, etc.Supported formats: All file types Max size: Depends on your plan (Free: 30MB, Pro: 1GB)Files are encrypted client-side before upload, so file type detection happens locally in your browser.

Access Policy Options

When creating a link, you configure three key parameters:

Recipient Address

The Ethereum wallet address that is authorized to access your content. 
Example: 0x742d35Cc6634C0532925a3b844Bc9e7595f0bEb
The recipient must use the same wallet address when accessing the link. Double-check the address before creating the policy—typos cannot be fixed later.

Expiration Time

Set when the link becomes invalid:
OptionDurationUse Case
1 hour60 minutesQuick shares
24 hours1 dayTime-sensitive docs
7 days1 weekProject collaboration
30 days1 monthLong-term sharing
CustomAny durationSpecific needs
Once a link expires, it cannot be reactivated. The encrypted content remains on IPFS but becomes inaccessible.

Max Attempts

Limit how many times the content can be accessed:
  • 1 attempt: Maximum security, single use
  • 3 attempts: Recommended for most use cases
  • Unlimited: Convenient but less secure
Each access requires the recipient to sign an on-chain transaction, creating an immutable audit trail.
  1. Select Content Type
    • Click “Upload File” or “Write Message”
    • Follow the prompts
  2. Configure Policy
    • Enter recipient wallet address
    • Select expiration
    • Set max attempts
  3. Create
    • Review your settings
    • Click “Create Secure Link”
    • Sign the transaction in your wallet
  4. Copy the Link
    CRITICAL: The secure link is only shown once. The decryption key is in the URL fragment (after #). Copy the entire link immediately.
A SHIELD secure link looks like: 
https://app.shieldhq.xyz/r/{policyId}#{secretKey}
ComponentDescription
policyIdUnique identifier for your access policy (public)
secretKeyDecryption key (private, never leaves browser)

Best Practices

Always double-check the wallet address. One wrong character means the wrong person (or no one) can access your content.
Don’t set links to expire too soon. Give recipients enough time to access the content, especially considering time zones.
3 attempts is usually sufficient. The recipient can view the content multiple times within each attempt.
SHIELD doesn’t store your unencrypted content. Keep a backup of important files.