gdo.sh federated Odoo development infrastructure
Request Access

Not for sale yet.

Drop your email and we'll let you know the moment it goes live.

SecretSwap Swaps · Harrison Consulting
ODOO MODULE · SECRET SHARING

Hand off a secret, keep the audit trail.

Swaps turn a secret into a single-use URL on your own Odoo. Expiry, access caps, password protection, and an audit log that names every reader come with it.

See how it works Talk to us →

Why

Onboarding a contractor, mailing a one-time API key, handing a client their VPN credentials — these moments tend to end with a secret stuck in an inbox forever. Swaps gives you a link instead: it lives on your domain, dies on a schedule you set, and writes who opened it to the chatter on the source record.

How it works

  1. Write the secret
    Paste text into the wizard. Content is encrypted by SecretSwap Core before it touches the database; only ciphertext lives in Postgres.
  2. Set the rules
    Choose anyone-with-link, portal-only, or internal-only access; cap the number of opens; set an expiry; optionally require a password.
  3. Publish
    The record moves from draft to published, exposing a /swap/<token> URL you can send by any channel.
  4. Recipient opens it
    The portal page decrypts in-flight, records IP, user agent, and website visitor, and increments the access count.
  5. Watch it close
    When the cap or expiry hits, the share state flips to consumed or expired and the URL stops working.

What's in the box

Single-use or capped tokens

Default is one open. Set a higher cap for team distribution, or zero for unlimited until the expiry fires.

Three access tiers

Anyone with the link, signed-in portal users, or internal users only — set per share and enforced server-side.

Optional bcrypt password

Add a password the recipient must type. Stored as a bcrypt hash; the share form supports an optional hint.

Per-access record

Every open creates a secretswap.share.access row with IP, user agent, user, and outcome — successful or failed.

Website visitor tracking

When the website module is present, anonymous opens are stitched to a visitor record for cross-session attribution.

Chatter and audit log

Each share has its own chatter; access events are duplicated into the SecretSwap audit log for cross-module review.

Compatibility

Odoo 19.0 secretswap_core portal website

Depends on secretswap_core, portal, website, and mail. Pair with secretswap_passwords_swaps to share vault items as Swaps, or secretswap_warden_swaps to expose Swaps as Bitwarden Sends.