Presented herein are techniques to implement end-to-end encryption. A method includes, encrypting content C with an encryption key EK to obtain encrypted content C′, generating a key encrypting key KEK based on a password, encrypting the encryption key EK with the key encrypting key KEK to obtain an encrypted encryption key EK′, storing the encrypted content C′ and the encrypted encryption key EK′ such that the encrypted content C′ and the encrypted encryption key EK′ are accessible to a content consumer via a link, sending the link and the password to the content consumer, and in response to a request, received via the link, for the encrypted content C′ and the encrypted encryption key EK′, sending the encrypted content C′ and the encrypted encryption key EK′ to the consumer based on the content consumer being on an access control list.