Privacy-first secrets sharing

Self-hosted, zero-knowledge architecture

Why EncryptedLink.net?

Password sharing is one of the most sensitive and important use cases in our modern digital age. Yet when I looked for self-hosted alternatives, I found nothing that met the requirements for true privacy and security.

Traditional password sharing methods—email, messaging apps, or cloud storage—expose your secrets to multiple parties: the service provider, network intermediaries, and potential attackers. Even “secure” services can be compromised, subpoenaed, or accessed by employees.

EncryptedLink.net solves this problem by implementing zero-knowledge architecture. We built a system where we literally cannot see your secrets, even if we wanted to. The encryption happens in your browser, and the decryption key never leaves your device.

How it works: Zero-knowledge architecture

Client-Side Encryption

Your secret is encrypted in your browser using AES-256-GCM before any data leaves your device. The encryption key is generated locally using Web Crypto API.

Double Encryption

The server applies a second layer of encryption, ensuring that even if client-side encryption is compromised, your data remains protected. Two keys, two layers of security.

Key in URL Fragment

The decryption key is stored in the URL fragment (after #), which is never transmitted to our servers. Only the recipient's browser can access it, ensuring true zero-knowledge.

Technical Details: We use AES-256-GCM encryption with 256-bit keys generated using the Web Crypto API. The URL fragment (hash) is never sent in HTTP requests, making it impossible for our servers to access your decryption key. You can verify this yourself using browser DevTools—check the Network tab and you'll see the fragment is never transmitted.

Security Guarantees

We cannot decrypt your secrets. The encryption key never leaves your browser, and the URL fragment is never transmitted to our servers.
One-time access only. Each link can be viewed once, then it's permanently deleted. No second chances, no history.
Automatic expiration. Links expire after 24 hours (or your custom timeframe), ensuring secrets don't linger indefinitely.
No tracking, no analytics. We don't track your usage, collect analytics, or store any metadata that could identify you.

Self-Host Your Own Instance

EncryptedLink.net is designed to be self-hosted. If you want complete control over your data and infrastructure, you can run your own instance on your own server.

Requirements:

Docker & Docker Compose - For containerized deployment
PostgreSQL Database - Included in Docker setup
Nginx - For reverse proxy and SSL (optional but recommended)
VPS or Server - Ubuntu 24.04 LTS recommended
Domain Name - For SSL certificates (optional)

Interested in self-hosting? Reach out if you'd like guidance on setting up your own instance. The deployment is straightforward with Docker Compose, and I can help you get started.

Ready to share securely? Start using EncryptedLink.net today—no account required, no tracking.