Subscribe to the Non-Human & AI Identity Journal

Secure send

Secure send is a mechanism for sharing text or files with encryption and optional expiry controls. It protects the transfer channel and the original payload, but it does not by itself define who should own the content, how long it should exist, or whether it belongs in a governed repository.

Expanded Definition

Secure send is best understood as a controlled delivery pattern for text or files, usually combining encryption in transit with an expiry window, download limits, or other access controls. In NHI and IAM environments, it is often used to move credentials, logs, incident data, or policy artifacts without leaving them permanently exposed in chat, email, or shared drives. That said, definitions vary across vendors: some products treat secure send as a messaging feature, while others frame it as a broader content-sharing workflow. For governance, the distinction matters. A secure send action may protect the transfer, but it does not automatically establish ownership, retention, classification, or repository placement. Those obligations still need to be enforced through policy and lifecycle controls, such as those described in the NIST Cybersecurity Framework 2.0. NHI Management Group treats secure send as a transport safeguard, not a substitute for secret management or records governance. The most common misapplication is using secure send as a long-term storage channel, which occurs when teams forward secrets or sensitive files instead of placing them in governed systems.

Examples and Use Cases

Implementing secure send rigorously often introduces friction for recipients, requiring organisations to weigh fast sharing against tighter access discipline and shorter availability windows.

  • A security team sends a revoked API key report to an incident responder through a time-limited link instead of email attachment sprawl.
  • A platform engineer shares a certificate bundle with a deployment team while preserving encryption and restricting downloads until the rollout window closes.
  • An auditor receives evidence files via secure send, then the files are moved into a governed repository after review rather than remaining in the delivery portal.
  • A help desk transmits a one-time recovery file to an approved operator, with expiry aligned to the service window and access logged for review.

These workflows are strongest when paired with lifecycle controls, because the deliverable should not become the authoritative record by accident. The Ultimate Guide to NHIs notes that 96% of organisations store secrets outside of secrets managers in vulnerable locations including code, config files, and CI/CD tools, which is exactly the kind of sprawl secure send should help avoid. For identity handling and access governance, the NIST Cybersecurity Framework 2.0 reinforces that delivery controls must be coupled to asset and access management.

Why It Matters in NHI Security

Secure send becomes important when organisations need to move high-value data without creating another permanent exposure point. In NHI operations, that often includes credentials, certificates, token rotation evidence, or forensic exports tied to service accounts and automation pipelines. The security failure is not usually the encryption itself; it is the assumption that encrypted delivery equals governance. Once a file leaves a secure-send envelope and is copied into inboxes, ticketing tools, or unmanaged storage, the original protection loses much of its value. NHI Management Group research shows that 79% of organisations have experienced secrets leaks, with 77% of those incidents resulting in tangible damage, which illustrates why temporary transfer controls must be paired with strict handling rules. Secure send should also be treated as part of a broader control stack that includes retention, revocation, and least-privilege access, consistent with Ultimate Guide to NHIs guidance on lifecycle discipline and visibility. Organisations typically encounter the limits of secure send only after a secret has been forwarded, reused, or retained beyond its intended purpose, at which point the term becomes operationally unavoidable to address.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST SP 800-63 set the governance and control requirements practitioners need to meet.

Framework Control / Reference Relevance
OWASP Non-Human Identity Top 10 NHI-02 Secure send can expose secrets if it replaces governed secret storage.
NIST CSF 2.0 PR.AA-01 Access and delivery controls must enforce who can receive sensitive content.
NIST SP 800-63 Identity assurance principles inform recipient authentication for secure delivery.

Require strong recipient authentication before allowing access to sensitive sends.