Open Source on GitHub

Zero-Knowledge Secure Note Sharing

Privacy-first secret sharing. Encrypt credentials, configuration .env files, and private text directly in your browser. Raw keys never touch the cloud. No signup, no tracking.

AES-256-GCMZero SignupSelf-Destructing
protectedshare.me/s#key=...
1. Input (Your Browser)Plaintext
DATABASE_URL=postgresql://db_user:••••••••@host:5432/production
Client AES-256-GCM
2. Stored (Database)Encrypted Blob
{ "iv": "e6f1a8c9...", "ciphertext": "U2FsdGVkX1+v8vKxL6vYh3s7M...", "tag": "b1f49..." }
ZERO-KNOWLEDGE UTILITIES

Explore Our Core Features

Each utility operates entirely within your browser runtime. Choose the application that fits your security workflow.

Secure Notes & Letters

Create password-protected letters and configurations. Send the decryption key separate from the secure link to achieve high-grade two-channel security.

Write Secure Note

EnvShare (Developer Keys)

Share database strings, configurations, and API keys. The decryption key remains stored inside the URL hash fragment, never reaching database log servers.

Share Secrets Safely

Encrypted Notepad

An offline-first personal scratchpad. Encrypts documents with client-side SHA-256 account credentials and supports markdown rendering and custom styling themes.

Open Private Notepad
PRODUCT COMPARISONS

ProtectedShare vs. Alternatives

Read how our zero-knowledge implementation compares to other privacy solutions and note-sharing utilities.

FeatureSecure NotesEnvShareNotepad
Primary Use CasePasswords, private notes, letters.env files, API keys, developer secretsCross-device scratchpad, personal logs
Password DeliveryCustom/auto, sent via separate channelEmbedded in link hash (1-click decryption)User-defined master password (zero-knowledge)
PersistenceTimed expiration (Optional Burn)Self-destructs after 1-10 readsCloud-synced vault (persists until deleted)
Security Rating
★★★★★Cloudflare isolation, split keys
★★★★☆Cloudflare isolation, url hash keys
★★★★★SHA-256 hashed account verifiers
Read the security blog for guides and updates

* Note: Cloudflare's global worker network powers our backend database routines, ensuring high availability and edge isolation.

ZERO-KNOWLEDGE TRUST MODEL

True Client-Side Encryption

Encryption keys never leave your machine, providing a mathematical guarantee of security.

Browser Encryption

Plaintext is encrypted in the browser using AES-256-GCM. Raw keys and unencrypted text are never sent to the network.

Burn After Reading

Secrets are permanently expunged from memory and database tables immediately upon decryption. Zero remnants remain on server logs.

Zero Tracking

We use no tracking scripts, no third-party cookies, and collect zero telemetry logs. Your IP address is never stored with database items.

Deploy Your Own Instance

Need dedicated infrastructure for your enterprise? ProtectedShare supports quick deployment via Docker. You can provision completely isolated, self-hosted frontend and API nodes.

Read the Docker self-hosting instructions

Frequently Asked Questions

Clear answers regarding our encryption flow and technical operations.

Is ProtectedShare really free?
Yes, 100% free with no signup, no accounts, and no usage limits. Create unlimited encrypted notes, share .env files, and generate self-destructing secret links at zero cost.
What is the difference between Secure Notes and EnvShare?
Secure Notes is designed for high-security, 2-channel sharing (you send the note link via one app like Slack, and the password via another like SMS or Signal). EnvShare is built for quick 1-click sharing of code/dotenv files where the decryption key is embedded in the link's hash fragment (e.g. #password) so the recipient doesn't need to manually copy-paste passwords.
How is this different from EnvShare?
ProtectedShare includes all EnvShare features (AES-256 encrypted .env sharing with configurable TTL and read limits) plus: encrypted notes with separate password delivery, an offline-first encrypted notepad, dark/light mode, and a mobile-optimized interface. EnvShare is no longer actively maintained.
Can the server read my secrets?
No. Your data is encrypted with AES-256-GCM entirely in your browser before being sent to the server. For the Encrypted Notepad, usernames are hashed client-side using SHA-256 before transit so we don't know who owns which notepad, and passwords are never transmitted. The encryption keys never leave your device, making it cryptographically impossible for anyone — including hosts and administrators — to decrypt your data.
Is this a good ProtectedText alternative?
Yes. ProtectedShare offers stronger encryption (AES-256-GCM), a modern mobile-friendly interface, self-destructing notes, .env file sharing, and an encrypted notepad — all without accounts.
Is ProtectedShare a secret sharing website?
Yes. ProtectedShare is built for sharing secrets, notes, API keys, and .env files through encrypted links that can expire or self-destruct after a set number of reads.
How do I share API keys securely?
Go to the EnvShare page, paste your API keys or .env file, choose an expiration time and read limit, then click 'Encrypt & Generate Link'. The decryption key stays in the URL hash fragment and is never sent to the server.
What happens after someone opens my link?
It depends on your read limit. If set to 1 read (burn-after-read), the data is permanently deleted after the first view. With multiple reads (3, 5, or 10), the counter decrements and deletes at zero.

Need dedicated infrastructure?

We deploy completely isolated, private zero-knowledge instances for enterprises. Custom domains, dedicated databases, and compliance support.

Contact our team