Vaulted – Encrypted Secret Sharing with Client-Side Encryption

Summary: Vaulted encrypts secrets in the browser using AES-256-GCM before sending them to the server, ensuring the server never accesses the plaintext. It generates self-destructing links with optional passphrases and requires no accounts or tracking, providing secure, anonymous secret sharing.

What it does

Vaulted encrypts data client-side, storing the encryption key only in the URL fragment, which browsers do not send to servers. It offers self-destructing links with view limits and expiration, plus a CLI tool and GitHub Action for CI/CD integration.

Who it's for

It is designed for users who need to share sensitive information like passwords or API keys securely without relying on server-side encryption or account registration.

Why it matters

Vaulted eliminates the risk of servers accessing secrets by performing encryption entirely in the browser, addressing common insecure secret-sharing practices.