Password-Protect a Client PDF Deliverable

Delivering an audit report to one client

Encrypt with a manager-generated per-client password, log it against the engagement, deliver, and text the key. A misaddressed email leaks nothing usable.

Input:  Acme-FY26-audit-report.pdf (22 pages, 1.3 MB)
Manager generates: "7Kp$2mQrLz9vXn4w" (16 random chars)
Field:  Set password = "7Kp$2mQrLz9vXn4w"

Log in vault: Acme Ltd / FY26 audit / sent via portal / 2026-06-06
Deliver encrypted PDF via client portal; SMS the password.

Scrub firm metadata, then encrypt a legal opinion

Internal templates leak the partner's name and the firm's file server path in the producer/creator fields. Strip them, then encrypt for the client.

Step 1 — pdf-metadata-scrubber:
  Author   "j.smith"            -> (cleared)
  Producer "WordPerfect/InternalTpl" -> (cleared)
Step 2 — pdf-password-protect:
  Set password = vault-generated per-client key

The client receives a clean, encrypted opinion.

Re-sending a lost password from the vault

A client emails: "I can't open the report." Because you logged the password against the engagement, retrieval is instant — no re-encrypting needed.

Client: "What's the password for the FY26 report?"
Look up vault entry: Acme Ltd / FY26 audit -> "7Kp$2mQrLz9vXn4w"
Re-send via the secure channel (SMS).

The deliverable itself is unchanged; only the key is re-shared.

Client asks for a no-print version

Some clients want the report viewable but not printable. This tool can't do that — it allows printing once opened. Use the permission setter for that requirement.

Requirement: "View only, no printing."

pdf-password-protect alone: print is allowed after open.

Use pdf-permission-setter:
  Owner password = set
  Block printing = on
  -> report opens but Print is disabled.

Empty password is refused — no accidental plaintext delivery

Click run with the field blank and the tool stops you, rather than delivering an unprotected report that you think is encrypted.

Field:  Set password = ""
Result: Error — "Enter a password."  No file produced.

No risk of shipping a client deliverable in the clear by accident.

An open password lets the client open the file but does not restrict printing, copying, or editing afterwards (--print=full --extract=y --modify=all). If the engagement requires view-only delivery, use the permission setter with Block printing / Block copying enabled.

This tool has one password field, so the open and owner passwords match. If you need to give the client an open password while retaining a different owner password for your firm, use the permission setter, which exposes a dedicated owner field.

Large reports with charts or scanned exhibits can exceed the 2 MB free limit. Compress with the lossy compressor to fit, or use Pro (50 MB / 500 pages). Over-limit files are blocked before processing.

If the source PDF already carries a password, qpdf can't read it to re-encrypt and the tool errors (exit code 2). Decrypt with the remove-password tool first, then apply the new per-client password.

An open password is access control at the file level — it can't track opens, log readers, or revoke access remotely. That requires a DRM or document-tracking platform. This tool stops anyone without the password from opening the file; that's the boundary.

Many client portals and email previews won't render an encrypted PDF inline. The client must download it and open it in a PDF reader, which prompts for the password. Note this in your delivery message to avoid a support exchange.

Because you logged the per-client password against the engagement, you can re-send it instantly. If you didn't log it and you've lost it too, there's no recovery — AES-256 with a strong password can't be brute-forced. Keep the source deliverable until access is confirmed.

A report merged from multiple exhibits may hit qpdf's warning path (exit code 3), but the encrypted output is valid and returned. Open it once to confirm the prompt before delivering.