Share Encrypted Notes Locally - No Server Storage

The most secure way to share passwords and API keys. Data is encrypted in your browser and stored only in the URL link.

Notice: This link never expires because we don't store it. Only someone with the password and this exact URL can ever see the content.

Local-Only

How to use LocalSecret

  1. 1Paste or type your sensitive content in the secret area
  2. 2Set a master password — share it with the recipient through a different channel if possible
  3. 3Click Seal & generate link; your browser encrypts with AES-GCM (256-bit key derived via PBKDF2)
  4. 4Copy the link: ciphertext and IV are only in the URL hash, not on our servers
  5. 5Anyone with the link enters the same password to decrypt locally in RAM

Privacy & architecture

Encryption and decryption run only in your browser via the Web Crypto API. Next.js API routes never see your plaintext, password, or ciphertext — the fragment after # is not sent to the server when loading the page.

🔒 Processed locally in your browser.