TL;DR: End-to-end encrypted text and file sharing with expiration, deletion, access-count limits, and optional password protection are now available through Bitwarden Send, according to Bitwarden. For IAM and security teams, the real issue is not whether sharing is encrypted, but how short-lived, recipient-scoped disclosure fits broader secrets and access governance.
NHIMG editorial — based on content published by Bitwarden: how to transmit encrypted information with Bitwarden Send
Questions worth separating out
Q: How should security teams govern encrypted file sharing for sensitive information?
A: Treat encrypted file sharing as a controlled disclosure mechanism, not as a substitute for identity governance or secrets management.
Q: When does a secure sharing feature become a governance risk?
A: It becomes a governance risk when teams use it for secrets, regulated records, or recurring operational exchanges without policy, ownership, or retention rules.
Q: What do organisations get wrong about password-protected sharing?
A: They often assume a password and link expiration make the transfer fully safe.
Practitioner guidance
- Define approved use cases for secure sends Limit encrypted sends to scenarios where temporary disclosure is acceptable and the content does not belong in a secrets vault or governed document repository.
- Set retention rules for sensitive content Require deletion and expiration settings that match the business purpose of the transfer, and make ownership clear so the content is retired when the task ends.
- Prohibit secrets distribution through ad hoc sends Block the use of encrypted messages for API keys, tokens, certificates, and other secrets unless there is an explicit exception and a tracked recipient path.
What's in the full article
Bitwarden's full article covers the step-by-step Send workflow this post intentionally leaves for the source:
- How to create a Send object in the Bitwarden desktop client from start to finish
- Which options control deletion date, expiration date, maximum access count, and password protection
- How the copy-link workflow works across web, desktop, and mobile clients
- What free accounts can and cannot do when using Send
👉 Read Bitwarden's guide to using Bitwarden Send for encrypted sharing →
Bitwarden Send: what encrypted sharing means for identity teams?
Explore further
Encrypted sharing is not identity governance. Bitwarden Send narrows disclosure windows and reduces casual leakage, but it does not answer the governance questions that matter most to IAM teams: who approved the transfer, who owns the content, and when it should be retired. Encryption protects the payload, not the policy behind it. The implication is that organisations must distinguish secure transport from governed access.
A few things that frame the scale:
- 88.5% of organisations acknowledge that their non-human IAM practices lag behind or are merely on par with their human identity and access management efforts, according to The 2024 Non-Human Identity Security Report.
- 59.8% of organisations see value in a solution that simplifies non-human access management and introduces dynamic ephemeral credentials.
A question worth separating out:
Q: How can teams decide whether to use secure send or a governed repository?
A: Use secure send for brief, recipient-specific disclosure where the content does not need durable access controls or audit trails. Use a governed repository when the information has ongoing business value, needs access review, or must be retained under policy.
👉 Read our full editorial: Bitwarden Send and the hidden governance gap in secure sharing