end-to-end encrypted · zero-knowledge

Encrypted Paste

Share a secret through a self-destructing link. Your text is encrypted in your browser; we only ever store ciphertext we cannot read, and the paste can be set to vanish the first time it is opened.

0 / 20,000

Expires after

Burn after readingDestroy the paste the first time it is opened.

Your text is encrypted in this browser with AES-256-GCM. Only the ciphertext is uploaded; the decryption key is placed in the link's # fragment, which browsers never send to a server. We cannot read your paste.

About this tool

Encrypted Paste lets you share a sensitive snippet — a password, an API key, recovery codes, a private note — through a single link instead of pasting it into chat or email where it lingers forever. Your text is encrypted in your browser with AES-256-GCM before anything is sent. Only the resulting ciphertext is uploaded; the decryption key is placed in the link after the # fragment, which browsers never transmit to a server. That makes the service zero-knowledge: we store an encrypted blob we have no way to read.

By default a paste is one-time: the first time the link is opened, the ciphertext is deleted from the database in the same atomic operation that returns it, so it cannot be read twice. You can turn that off for a link that should stay readable until it expires. Every paste also has a lifetime — from one hour to thirty days — after which it is removed automatically, whether or not it was ever opened.

Because the key lives only in the link, anyone with the full link can decrypt the paste, and losing the link means losing the data — there is no recovery. Share the link over a channel you trust, and prefer the shortest expiry that works for you.

How to use it

01Type or paste the text you want to share into the box.
02Choose how long the link should live and whether it should burn after the first read.
03Click Create encrypted link — encryption happens in your browser.
04Copy the full link (including the part after #) and send it to the recipient.
05They open the link and the paste is decrypted locally; a one-time paste is then destroyed.

Frequently asked questions

Can you read my pastes?+

No. The text is encrypted in your browser with AES-256-GCM and only the ciphertext is uploaded. The decryption key is in the link fragment (after #), which is never sent to the server, so we hold an encrypted blob we cannot decrypt.

What does "burn after reading" do?+

It makes the paste one-time. The first reveal deletes the stored ciphertext in the same database operation that returns it, so the link stops working immediately afterwards. Save the contents when you open it.

What happens when a paste expires?+

It is deleted. Each paste is stored with an expiry between one hour and thirty days; expired rows are removed automatically and the link then returns a "not found" message.

What if I lose the link?+

The data is gone. The decryption key exists only inside the link, so there is no password reset or recovery — that is the trade-off for the server never being able to read your content.