Vault Send Request How it works Security & Trust 🇬🇧 🇩🇪
  • Send
  • Request
  • How it works
  • Security & Trust

    • Vault status

    Operational health, deployed build and cryptography details. No content is exposed.

    The counters below show encrypted database rows only. Contents, labels or plaintext are never visible.

    Active secrets

    0

    Ciphertext rows currently stored and not yet expired. Each is readable exactly once.

    Active requests

    0

    Open secret requests waiting to be filled, plus fulfilled requests not yet collected.

    To collect

    0

    Requests that have been filled and are waiting for the requester to collect the response.

    Application commit

    760287abb

    Short SHA of the deployed monorepo build. This pins the running application code.

    Component commit

    513ef579f

    Short SHA of the last monorepo commit that touched the secrets component. This is what was built.

    Mirror commit

    99aa60490

    Public mirror commit corresponding to this deployed component. Derived deterministically from the monorepo component tree, so the SHA matches the commit on the mirror. Click to open it.

    Browser JS hash

    53e81748094e31a5a30436ff6b76bc55476bbc84a2369f88af1af9420f8982ee

    SHA-256 of the minified secrets bundle delivered to the browser. Fetch the source from the public mirror and recompute the hash to verify what runs in your browser.

    Last deploy

    2026-06-16 06:42:41 UTC

    Modification time of the deployed version file. Cleanup runs once per minute via cron.

    Environment

    production

    All API endpoints are rate-limited per IP to protect the service against abuse.

    License

    AGPL-3.0

    Backend and browser crypto are published under the GNU Affero General Public License v3.0 on the public mirror.

    Cryptography

    All cryptographic operations happen in the browser. The server only ever sees ciphertext.

    Symmetric cipher AES-GCM-256 Key agreement X25519 Key derivation HKDF-SHA256 Password-based derivation PBKDF2-SHA256, 1200000 iterations Nonce 12 bytes random per ciphertext Token 16 bytes random, base64url-encoded Token length 22 characters in the URL path

    Limits

    Values are enforced server-side. Exceeding them returns a 4xx response.

    Lifetime range 60 seconds to 7 days Max ciphertext size 1 MiB per secret Write rate limit per IP 10 requests / 60 seconds Read rate limit per IP 20 requests / 60 seconds

    Source code

    Read each file on the public mirror with syntax highlighting, or grab the raw bytes for offline review and hashing.

    secrets.js (browser crypto) view · raw SecretService.php view · raw SecretsValidators.php view · raw Create.php view · raw Retrieve.php view · raw CreateRequest.php view · raw Fulfill.php view · raw GetRequest.php view · raw RetrieveFulfillment.php view · raw Base64Url.php view · raw SecretLogger.php view · raw     Share a secret How it works     Security & Trust Status Source Privacy Policy Imprint security.txt © 2026 Erseni Ltd. Zero-knowledge by design.