The simplest method is to create a form that has a field with a name that does not conflict with any WP reserved words
<form ....>
<input name="post_passcode" .....>
</form>
This is just the basics, of course you should also add a nonce field as well as sanitizing the input.
add_action('init', 'test_form_passcode');
function test_form_passcode() {
if (!isset($_POST['post_passcode'])) {
return;
}
// sanitize
// WP_Query
// If results, loop, get post permalink
wp_redirect($post_permalink);
}