Skip to content

Safe Links

Safe Links enables secure, time-bound, and access-limited sharing of vault asset (or non-asset) data with others using third party clients, without requiring the recipient to have a 12Port user account to view. It is designed for secure credential delivery via channels such as email, chat clients (e.g., Microsoft Teams, Slack), or ticketing systems, while maintaining full control and auditability.

Rather than copying and pasting sensitive credentials directly into communication platforms which can expose them to risk, users can generate a unique, access-controlled URL that allows external users to retrieve the information securely through the 12Port platform.

Key Capabilities and Uses

Safe Links provides a flexible and secure way to share privileged information with external users. Below are the key capabilities that define how Safe Links function, how they can be configured, and how they ensure both security and auditability during external access.

1. Secure External Access

Safe Links are designed for external consumption without compromising security:

  • Each Safe Link is a unique, GUID-based URL (e.g., https://contoso.12port.com:6443/ztna/Production/root/safe-link/c776a480-066c-4247-9255-889388d07174).
  • The link allows secure, browser-based viewing of asset (or non-asset) data stored in the Vault.
  • No 12Port authentication or account is required to view the Safe Link, ensuring ease of access for recipients.

2. Full Asset Sharing (Read-Only)

When a Safe Link is generated for a specific Asset, the following details are included:

  • All fields, including Passwords and other secured fields, valid at the time of viewing (excluding attached files).
  • Custom tags
  • TOTP (Time-based One-Time Password) codes, if available. TOTP codes are updated on each Safe Link view.

These fields are presented in read-only format and cannot be modified by the recipient.

3. Message Field

Each Safe Link includes a mandatory Message field, allowing the creator to include context or instructions relevant to the shared data. This message is prominently displayed to the recipient upon accessing the link.

Additionally, users may create a Safe Link not associated with any asset, using only the Message field. This enables secure sharing of manually entered credentials or other sensitive information, without referencing existing Vault content.

4. Expiration and View Limits

Safe Links are governed by two configurable constraints:

  • View Count Limit: Defines the maximum number of times the link can be viewed.
  • Expiration Time: A specific date and time after which the link becomes invalid.

Once either threshold is reached, the Safe Link becomes inaccessible and displays an access error to the viewer.

5. Lifecycle Management

Only the user who generates a Safe Link can:

  • Define or update the View Count Limit and Expiration Time
  • Compose and modify the Message field
  • Initially copy and distribute the unique Safe Link URL via secure channels (email, chat, etc.)
  • Optionally delete the active Safe Link, rendering it invalid.

6. Auditing and Compliance

Each access to a Safe Link is fully auditable in the Events Report log. Auditing details include:

  • View count (e.g., view=3/5)
  • Source IP address (e.g., source=127.0.0.1)
  • User agent string (e.g., agent=Mozilla/5.0 (Macintosh...))
  • Link expiration timestamp (e.g., expire=Oct 18, 2025 14:23:27)

This ensures that every access attempt is traceable for compliance and forensic purposes.

The Safe Links feature enhances secure collaboration with external parties by allowing time-limited, access-restricted sharing of sensitive Vault data, without sacrificing auditability, compliance, or exposing sensitive credentials or information in insecure applications like email or chat clients. It is a secure alternative to insecure credential sharing practices and is fully managed by the 12Port user who creates the link.