EnvDrop
Stop sharing secrets in plaintext
Hey everyone, I got tired of seeing API keys and database passwords shared in Slack DMs, Discord messages, and plain-text emails. We all know it's bad practice, but the alternatives either require sign-ups, feel sketchy about their encryption, or just have too much friction for quick sharing. So I built EnvDrop. a zero-knowledge secret sharing tool designed specifically for developers. What it does: You paste a secret (or drag-and-drop an entire .env file), and your browser encrypts it with AES-256-GCM before anything leaves your device. You get a one-time link to share. The recipient opens it, their browser decrypts it locally. Done. What "zero-knowledge" actually means here: - Encryption happens entirely client-side using the Web Crypto API - The encryption key lives in the URL fragment (#key), browsers never send fragments to the server over HTTP - The server stores only the encrypted blob, it literally cannot decrypt your data - Even if the database gets breached, attackers get nothing but unreadable ciphertext - Don't trust me? The entire codebase is open source, audit the crypto yourself Features: - Burn after read, secret self-destructs after one successful decryption - Password protection, optional PBKDF2-derived second layer - Auto-expiry. - .env file support, drag-and-drop, up to 200KB - No sign-up, no accounts, no tracking, no cookies - Fully open source (MIT) - Live: envdrop.dev - GitHub: github.com/redenv-labs/envdrop Built by Redenv Labs
About
Hey everyone, I got tired of seeing API keys and database passwords shared in Slack DMs, Discord messages, and plain-text emails. We all know it's bad practice, but the alternatives either require sign-ups, feel sketchy about their encryption, or just have too much friction for quick sharing. So I built EnvDrop. a zero-knowledge secret sharing tool designed specifically for developers. What it does: You paste a secret (or drag-and-drop an entire .env file), and your browser encrypts it with AES-256-GCM before anything leaves your device. You get a one-time link to share. The recipient opens it, their browser decrypts it locally. Done. What "zero-knowledge" actually means here: - Encryption happens entirely client-side using the Web Crypto API - The encryption key lives in the URL fragment (#key), browsers never send fragments to the server over HTTP - The server stores only the encrypted blob, it literally cannot decrypt your data - Even if the database gets breached, attackers get nothing but unreadable ciphertext - Don't trust me? The entire codebase is open source, audit the crypto yourself Features: - Burn after read, secret self-destructs after one successful decryption - Password protection, optional PBKDF2-derived second layer - Auto-expiry. - .env file support, drag-and-drop, up to 200KB - No sign-up, no accounts, no tracking, no cookies - Fully open source (MIT) - Live: envdrop.dev - GitHub: github.com/redenv-labs/envdrop Built by Redenv Labs
Comments (0)
No comments yet. Be the first to share your thoughts!