Secure Paste (Client-Side, Link Fragment)

Encrypt text locally in your browser with Web Crypto (AES-GCM) and share using URL hash fragments only.

Text / Code snippet

Drag and drop a text file here (optional).

Tip: You can also paste directly from clipboard into the textarea.

Passphrase (required)

Shareable link (hash fragment only)

0 chars • link length: n/a

Wipe visible content after

Limitations & Safety Notes

No backend storage: pastes are not saved on a server.
No true burn-after-read, deletion, expiration, or view counts without backend state.
Best for short sensitive snippets due to URL length limits.
Encrypted payload is stored in the URL fragment (#...), which is not sent in normal HTTP requests.
Share passphrase via a separate secure channel.

About this tool

Secure Paste is a static, no-backend encryption utility for developers who need to share short secrets or snippets quickly. Encryption and decryption happen entirely in-browser using the Web Crypto API.

Common use cases

Share one-time API tokens between teammates during troubleshooting.
Pass short config snippets securely over chat using a separate passphrase channel.
Exchange temporary lab credentials without storing plaintext on a server.

How it works

You enter text and a passphrase in create mode.
The browser derives an encryption key via PBKDF2 and encrypts with AES-GCM.
Encrypted payload is encoded into the URL fragment for sharing.
The recipient opens the link and decrypts locally using the passphrase.

FAQ

Is data uploaded to a server?
No. Only static assets are downloaded. Encrypted content remains in the URL fragment.

Can this guarantee self-destruct?
No. True deletion/expiration needs backend state. This tool intentionally avoids fake claims.

What if decryption fails?
Usually the passphrase is wrong or the link payload is incomplete/corrupted.