Stop sharing secrets in plaintext.

Paste a secret or drop a .env file. Everything encrypts in your browser. The server never sees it.

Share a Secret Drop a .env File

Client-side encryptedBurn after readOpen source

envdrop - zero-knowledge sharing

How it works

Three steps. Zero knowledge. No account needed.

paste your secret

Paste or drop

Paste a secret or drag your .env file. Everything stays in your browser, nothing leaves your machine yet.

AES-256-GCM

insk_live_8xh2kQ9n

out

Encrypted locally

Your browser encrypts everything using AES-256-GCM. The encryption key lives only in the URL fragment, never sent to the server.

secure link

/s/a8f3k2#key

copy

Slack

Share the link

Send the link over Slack, email, wherever. The recipient's browser decrypts it. The server deletes the blob after.

Built for developers who care about security

Every feature designed with zero-trust in mind.

1DB_HOST=prod.db.internal

2API_KEY=sk_live_9x8h2k

3SECRET=a1b2c3d4e5f6g7h8

encrypted

Zero-knowledge

Encryption happens entirely in your browser. The server stores only encrypted blobs and can never see your data.

.env.local1.2kb

drop here

.env file drop

Drag and drop any .env file. The entire file is encrypted client-side and shared as a single secure link.

sk_live_a8f3Kx92bQ7n

viewed

Burn after read

Secrets self-destruct after being viewed. Once opened, the encrypted blob is permanently deleted.

locked

Password protection

Add an extra layer with a password. It is used as additional key material client-side, never sent to the server.

24h

Configurable expiry

Set secrets to expire after 1 hour, 24 hours, or 7 days. Expired blobs are automatically purged.

encrypt.ts

const key = generateKey()

const iv = randomBytes(12)

const cipher = encrypt(data)

const blob = upload(cipher)

return { blob, key }

Open source

The core encryption model is fully open source. Audit it, fork it, trust it. Transparency by default.

What's coming

We're building in the open. Here's where we're headed.

Live now

Secret sharing

Paste & encrypt secretsPaste & encrypt secrets
.env file drop.env file drop
Burn after readBurn after read
Configurable expiryConfigurable expiry
Password-protected secretsPassword-protected secrets

Workspaces & teams

User accounts & auth
Team workspaces
Role-based access
Dashboard & history

CLI & sync

CLI push & pull .env filesCLI push & pull .env files
Live sync on changeLive sync on change
Audit logsAudit logs
Custom expiry settingsCustom expiry settings

Integrations

Slack & Discord bot
REST API for CI/CD
SSO (SAML/OIDC)