It's a function in Amber signer (assume other signers too).

On the main page you tap Plus button to add new application then you select "Add a nsecbunker". It should give you secure connection string.

You ca configure relays and expiry for extra protection. It seems to have worked for us as well.